Abstract
Banking supervision in South Africa has been effective in reducing the impact of the global financial crisis. The banks have remained profitable, and capital adequacy ratios have been maintained well above the regulatory minimum. The supervisory and regulatory framework has been strengthened substantially. A specific regulation dealing with country and transfer-risk regulation should be drafted. The registrar’s remedial powers in banks should be strengthened. The Bank Supervision Department should expand its expertise in specialized areas such as operational risk and countering the abuse of financial services.
I. Summary, Key Findings and Recommendations
A. Summary
1. Banking supervision in South Africa has been effective and has contributed to reducing the impact on the financial sector of the global financial crisis. Throughout the crisis, the banks have remained profitable and capital adequacy ratios have been maintained well above the regulatory minimum. The registrar’s direct access to the board and the audit committee, combined with the sound governance requirements for banks, have been effective in raising board awareness of regulatory and supervisory matters and ensuring strong risk management in South African banks.
2. The Bank Supervision Department (BSD) of the South African Reserve Bank (SARB) is to be commended for its early adoption and full implementation of the Basel II framework in an emerging market environment on 1 January 2008, and its continuous efforts to remain in line with subsequent international developments. The systemic risk-add on and the implementation of idiosyncratic capital buffers have contributed to the strength and stability of the South African banking system. The overall implementation of the Basel II advanced approaches has been rigorous and comprehensive.
3. The supervisory and regulatory framework has been strengthened substantially following the recommendations of the 2000 FSAP and the 2008 FSAP Update. A legal framework and practical arrangements for combating money laundering and other forms of financial crime have been introduced, as well as regulatory powers to address related party lending. Banking supervision is now applied on a consolidated basis, and cooperation between the BSD and the Financial Services Board (FSB) has advanced. The authorities are encouraged to further intensify their cooperation, e.g., by conducting joint inspections at group level and by exchanging supervisory reports on individual groups.
4. The assessment found some areas where the regulatory and supervisory framework should be further improved. The capital adequacy regulation should allow for explicit revocation of the advanced approaches for credit and market risk. A specific regulation dealing with country and transfer risk regulation should be drafted. Although the exposures are considered relatively small, the BSD does not have a consolidated view of banks’ individual country and transfer risks. Prudential returns should be expanded to include information on country and transfer risk exposures, as well as related party lending.
5. The registrar’s remedial powers for addressing problems in banks should be strengthened. The registrar cannot appoint a curator at a bank, and there are severe limitations on his authority to cancel or suspend a bank’s license. These constraints limit the registrar’s ability to act decisively in case of emerging problems at a bank.
6. The BSD appears to be short of human resources, considering the increasing complexity of banking and banking regulation. It needs to expand its expertise in specialized areas such as operational risk (including IT risk) and countering the abuse of financial services (AML/CFT). It also needs to expand staff involved in credit risk reviews. The BSD’s extensive reliance on internal and external auditors for IT operational risk matters is not in line with international best practice.
B. Introduction
7. This assessment of the current state of compliance with the Basel Core Principles for Effective Banking Supervision in the Republic of South Africa has been undertaken as part of a joint IMF-World Bank Report on the Observance of Standards and Codes (ROSC) mission.1 The assessment was conducted in March 2010. It reflects the banking supervision practices of the South African authorities as of end-March 2010.
C. Information and methodology used for assessment
8. The assessment is based on several sources: (i) a self-assessment prepared by the Bank Supervision Department (BSD) of the South African Reserve Bank (SARB); (ii) detailed interviews with the registrar and staff from the BSD; (iii) reading of laws, regulations, and other documentation on the supervisory framework and on the structure and development of the South African financial sector; and (iv) meetings with the National Treasury, the Financial Services Board, the banking association as well as with individual institutions representing different categories of bank, and an accountancy firm. The assessment also takes account of the report of the 2008 FSAP.
9. The assessment was performed in accordance with the guidelines set out in the Core Principles (CPs) Methodology.2 It assessed compliance with both the “essential” and the “additional” criteria, but the ratings assigned were based on compliance with the “essential” criteria only. The Methodology requires that the assessment be based on the legal and other documentary evidence in combination with the work of the supervisory authority as well as the implementation in the banking sector. The assessment of fulfillment of the CPs is not, and is not intended to be, an exact science. Banking systems differ from one country to the next, as do their domestic circumstances. Furthermore, banking activities are changing rapidly around the world, and theories, policies, and best practices of supervision are swiftly evolving. Nevertheless, it is internationally acknowledged that the CPs are minimum standards.
10. This assessment is based solely on the laws, supervisory requirements, and practices that were in place at the time it was conducted. However, where applicable the assessors made note of regulatory initiatives which have yet to be completed or implemented.
11. The assessment team enjoyed excellent cooperation with its counterparts, and received all the information it required. The team extends its thanks to the management and staff of the various agencies and institutions, and to the staff of BSD in particular, for their openness and participation in the process. The authorities provided comments on a draft version of this assessment, which are reflected in the final assessment.
D. Institutional and macro-prudential setting, market structure overview
12. The South African Reserve Bank Act of 1989, together with the Banks Act of 1990 and the Mutual Banks Act of 1993, assigns responsibility for the registration and supervision of banks to the SARB. The Acts provide that within the SARB the powers for bank registration and supervision are assigned to an Office for Banks (usually referred to as the Bank Supervision Department, or BSD) headed by the registrar of Banks. Together with the Regulations issued under the Banks Act by the minister of finance, these Acts provide a comprehensive legal framework for banking supervision in South Africa. Under the Acts, the registrar, as an employee of the SARB, is accountable to the Governor of the SARB and also has a direct reporting line to the minister.
13. Besides the SARB, other authorities directly or indirectly involved in banking supervision include the Financial Services Board (FSB), the Financial Intelligence Centre (FIC) and the National Credit Regulator (NCR), which are each governed by a dedicated Act. The FSB is responsible for supervising non-bank financial institutions such as insurance companies, pension funds, money market funds and stockbrokers. The FIC’s principal task is to combat abuse of financial services, while the NCR is principally a consumer protection agency. The relevant Acts provide for cooperation between the SARB and the other authorities.
14. There are currently 34 commercial banks in South Africa. Of these, 13 are locally controlled banks, 6 are subsidiaries of foreign banks, 13 are local branches of foreign banks and 2 are mutual banks. There are also 41 representative offices of foreign banks. The banking industry is dominated by four large banks; their assets represent approximately 85 percent of total banking assets. The locally incorporated banks have subsidiaries and branches in foreign jurisdictions, mainly in other African countries, Europe and Asia.
15. The BSD’s mission statement commits it to “the effective and efficient application of international regulatory and supervisory standards”, which was evidenced by its relatively early adoption of the entire Basel II framework in 2008. The BSD has a risk-based approach to supervision. The banks consider its approach to supervision to be strict but fair and effective.
16. The South African financial sector fared relatively well throughout the global financial crisis. This may be attributed to the fact that the sector is largely domestically oriented, but local bankers put part of the credit on the quality of banking supervision. Banks’ asset quality has deteriorated over the past two years, but banks remained profitable and continued to maintain capital adequacy ratios above the minimum requirement. No government support or LOLR operations by the SARB have therefore been needed. As of the fourth quarter of 2009, credit impairment trends have started to improve.
E. Preconditions for effective banking supervision
Sound and sustainable macro-economic policies
17. Policies have been countercyclical, with a large investment-centered fiscal stimulus over the past two years and substantial monetary easing. Budget plans envisage a moderation in spending growth over the medium term. There are risks to the medium-term fiscal position, particularly if complementary reforms to improve public service delivery and enhance efficiency in infrastructure provision are delayed. The authorities emphasize that they intend to run a disciplined and pragmatic fiscal policy, including taking action well before net government and government guaranteed debt reaches their debt limit of 50 percent of GDP. They are also focusing on improving public service delivery.
18. The monetary policy stance has been appropriate. The South African Reserve Bank (SARB) is aware of inflation risks and has indicated its intention to use monetary policy as needed to anchor inflation expectations and keep inflation within its target band.
A well developed public infrastructure
19. South Africa’s legal and accounting infrastructure are of a quality comparable to that in many advanced economies. Contract and property laws are based on common law and can be enforced. The commercial court system appears to be efficient and capable of delivering judgment without excessive delay. Accounting and auditing standards are reported to be among the best in the world. The accounting and auditing professions are governed by the Auditing Professions Act of 2005, and IFRS and the International Auditing Standards have been adopted.
Effective market discipline
20. From 2004, South Africa adopted International Financial Reporting Standards (IFRSs) issued by the International Accounting Standards Board (IASB). The financial statements must be prepared in accordance with IFRS and must provide a true and fair view of the entity’s financial position and performance. The annual accounts must be audited, with the half-yearly reports subject to either review or audit. The accounting profession in South Africa is well established and recognized as being of a high international caliber.
21. Listed companies are subject to a modern continuous disclosure regime, and banks are subject to specific disclosure requirements which include publication of their annual reports. The SARB prescribes key elements to be disclosed, including the entities’ governance and risk-management arrangements, as well as audited financial statements. The SARB also publishes financial statement information on the industry.
Mechanisms for providing an appropriate level of systemic protection (or public safety net)
22. The framework for domestic contingency planning has been strengthened. Crisis prevention is supported by the expansion of channels of communication between the National Treasury (NT) and the SARB. Also, a Financial Sector Contingency Forum3 (FSCF) was created in 2002 with the objective to facilitate cross sectoral cooperation in identifying threats to the stability of the South African financial sectors and to obtain approval for appropriate mutual plans and structures to mitigate such threats and to coordinate responses in the resolution of crises. In late 2009, in an endeavor to redefine the focus of the FSCF and to streamline its effectiveness, the structure was reviewed. Two subcommittees were established: the Operational Subcommittee and the Financial Risk Subcommittee. A number of task teams and subcommittees that had been in existence at the time, were consolidated into these new subcommittees.
23. The SARB is currently reviewing its contingency planning and crisis management strategies and policies as part of the work of the FSCF. Besides its regular facilities, the SARB can provide exceptional liquidity assistance against pledged collateral or a government guarantee. Eligible collateral for lender of last resort operations in times of general distress could be further clarified in a regulation issued in terms of the SARB Act of 1989. Such a regulation would describe the criteria under which banks are able to obtain advances and discounts, outline the lending programs available, indicate the terms and conditions under which the credit is granted, and describe the types of eligible collateral for advances requiring security.
24. The implementation of a deposit insurance scheme with mandatory membership in the commercial banking sector is needed. Deposit insurance should primarily aim to protect small depositors and avoid creating ambiguities in bank intervention powers. As the plans for a specific regime for deposit insurance for cooperative banks may progress at greater speed, the implementation of an explicit scheme with mandatory membership in the commercial banking sector is needed to level the playing field and limit the potential for contagion in the banking sector.
25. Limited progress has been made in the launching a deposit insurance scheme in South Africa. A draft Deposit insurance bill 2008 has been circulated by the National Treasury to interested parties for comments but discussions between the relevant parties are still ongoing and no timeline for finalization or public consultation of the proposals has been set. A range of challenges complicate this matter, such as the smooth integration into the current supervisory and regulatory landscape, the need to take into account the specificities of the South African financial system, and the predominant role of corporate depositors in previous bank run episodes. In light of the recent draft liquidity proposals issued by the Basel Committee on Banking Supervision in December 2009, the absence of explicit deposit insurance regulation may have an adverse effect on the South African banks.
II. Detailed Assessment
| Principle 1 | Objectives, autonomy, powers, and resources. An effective system of banking supervision will have clear responsibilities and objectives for each authority involved in the supervision of banks. Each such authority should possess operational independence, transparent processes, sound governance, and adequate resources and be accountable for the discharge of its duties. A suitable legal framework for banking supervision is also necessary, including provisions relating to authorization of banking establishments and their ongoing supervision; powers to address compliance with laws as well as safety and soundness concerns; and legal protection for supervisors. Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place. |
| Principle 1(1) | Responsibilities and objectives. An effective system of banking supervision will have clear responsibilities and objectives for each authority involved in the supervision of banks. |
| Description | The South African Reserve Bank Act of 1989 in Section 10(1)(v) assigns responsibility for performing the functions specified in the Banks Act of 1990 and the Mutual Banks Act of 1993 to the SARB. Section 3 of the Banks Act (BA) says that there shall be, as part of the SARB, an Office for Banks (usually referred to as the Bank Supervision Department, or BSD) headed by the registrar of Banks which shall be responsible for the registration of banks as well the other purposes of the Banks Act. The Mutual Banks Act specifies that the Office for Banks is also responsible for the registration and supervision of mutual banks. Together with the Regulations issued under the Banks Act, which have the same legal status as the Act itself (BA section 1), these Acts provide a comprehensive legislative framework for banking in South Africa. Besides the SARB, other authorities directly or indirectly involved in banking supervision include the Financial Services Board (FSB), the Financial Intelligence Centre (FIC) and the National Credit Regulator (NCR), which are each governed by a dedicated Act. The FSB is responsible for supervising non-bank financial institutions such as insurance companies, pension funds, money market funds and stockbrokers. The FIC’s principal tasks are to combat money laundering and financing of terrorism, and to assist in identifying the proceeds of unlawful activities. The NCR’s duties include the promotion of financial access, protecting consumers of credit (including residential mortgage loans), registration of credit providers and debt counselors, and consumer education in relation to credit matters. The relevant Acts provide for cooperation between the SARB and the other authorities. The Banks Act in Chapter VI sets out the minimum prudential requirements. Detailed requirements are contained in a comprehensive range of regulations covering capital, liquidity, large exposures, specific risk areas, bank ownership and control, various aspects of the corporate governance of banks, disclosure requirements, etc. The Banks Act and the Regulations are frequently reviewed by a Standing Committee for the Revision of the Banks Act in order to ensure that the legal framework is kept up to date if circumstances change or if the administration of the Act has shown changes to be advisable (BA section 92). This allows inter alia for the regulator to be able to comply with new developments in international standards, such as those issued by the Basel Committee on Banking Supervision. The mission of the BSD, as stated in its Annual Reports, is “to promote the soundness of the banking system through the effective and efficient application of international regulatory and supervisory standards”. The Standing Committee provides recommendations on amendments to the minister of finance, who is responsible for issuing Regulations (BA section 90; Parliamentary approval is required for changes to the Act, but not for changes to the Regulations). The Committee is chaired by a Deputy Governor of the SARB and it comprises representatives of the registrar, the bankers’ association, the auditors’ association, and others. The Committee usually acts upon proposals of the registrar. It may make changes to the registrar’s proposals, but it has never blocked any proposals. The process may occasionally be cumbersome and time-consuming, but it helps to create support and to satisfy the minister that proposed amendments have been carefully considered and widely consulted in a transparent manner. All changes to the Act and the Regulations follow a wide public consultation process prior to enactment, after which they are published in the Government Gazette and on the SARB’s website. If quick action is called for, the registrar may issue a Directive that is applicable to all banks, without going through the Standing Committee process and without requiring the prior approval of the minister. Such generally applicable Directives are normally later turned into Regulations. The registrar may also issue Circulars on specific interpretation issues and Guidance Notes for general information purposes. The BSD’s Annual Reports provide detailed information on developments in the banking industry as well as on supervisory and regulatory developments. In addition, the SARB publishes a monthly brochure (both in physical form and on its website) entitled “Selected South African banking sector trends”. All prudential returns are published on the SARB’s website on an aggregate basis, and the balance sheets are also published for each bank individually. Regulation 43 (on public disclosure) requires each bank to publish reliable, relevant and timely qualitative and quantitative information that enables an accurate assessment of the bank’s financial condition. Regulation 44 (on annual financial statements) requires all banks to publish annual financial statements in accordance with Financial Reporting Standards, with additional disclosure when called for. As part of its planning process, the BSD classifies all banks on a quarterly basis as a high risk, medium risk or low risk bank. The classification is two-dimensional in the sense that both the complexity and systemic importance of each bank as well as its risk profile are taken into account. A list of all banks and their risk classifications is discussed on a quarterly basis at the BSD’s management committee meeting. On the basis of the classification, the management committee determines for each bank the length of the supervisory cycle and the supervisory resources to be allocated. |
| Assessment | Compliant. |
| Comments | |
| Principle 1(2) | Independence, accountability, and transparency. Each such authority should possess operational independence, transparent processes, sound governance, and adequate resources and be accountable for the discharge of its duties. |
| Description | The BA provides that the SARB shall, subject to the approval of the minister of finance, designate one of its employees to be the registrar of Banks. The registrar shall perform the duties assigned to him by the BA, under the control of the SARB and in accordance with directions as may be issued to him by the SARB (BA section 4(1)). Being an employee of the SARB, the registrar is appointed for an indefinite period. The present registrar has held his office since 2003, when his predecessor reached the retirement age. The possible reasons for removal of the registrar from office, which could only be done by the senior management of the SARB, are not specified in the BA. Removal of the registrar would be subject to the general legal provisions governing employment relations, as well as SARB employment contracts and policies. The registrar submits an Annual Report to the minister of finance, who transmits it to the Parliament. The Annual Report is also made publicly available by the registrar. The objectives of the registrar are spelled out in the BA as well as in the BSD’s mission statement. Actions taken to achieve the objectives are elaborated in the Annual Reports as well as in other publications, presentations to banks and other parties, and press contacts. The BSD’s operations are financed from the budget of the SARB, which has operational independence. There is no evidence of government or industry interference with the BSD’s operations and budget. The registrar does not consider the BSD’s budget to pose a constraint on the effectiveness of its operations. The BSD is able to attract and retain staff with the required skills, and staff turnover is not out of line with market practice. The majority of BSD personnel employed in the analysis section, risk specialist areas and the legal section hold post graduate qualifications and there are some chartered accountants as well specialists in particular aspects of banking and risk areas (although, as discussed under the applicable CPs, their number may need to be increased). The BSD spends considerable sums on staff training, by way of its own training programs, by sending staff to outside courses (both domestically and overseas) and by inviting outside experts to provide training at the SARB. The BSD and its supervisory staff are well-regarded by the industry. The BSD occasionally hires outside experts to perform certain investigations (e.g., on illegal deposit taking). The BSD’s budget allows for obtaining equipment and for travelling as required for the fulfillment of its objectives. |
| Assessment | Compliant. |
| Comments | |
| Principle 1(3) | Legal framework. A suitable legal framework for banking supervision is also necessary, including provisions relating to authorization of banking establishments and their ongoing supervision. |
| Description | The Banks Act provides for the registrar to perform the functions assigned to him by or under the Act (BA section 3). These include the authorization and registration of banks (BA sections 11–25) and the ongoing supervision of their operations. Under BA section 23, the minister’s approval is needed for the cancellation or suspension of a bank’s registration. The registrar may obtain from banks, banks’ controlling companies and subsidiaries of banks and banks’ controlling companies such information as he may reasonably require for the performance of his duties under the Banks Act, including periodic returns as prescribed in the Act itself or in the Regulations (BA sections 7 and 75). |
| Assessment | Largely compliant. |
| Comments | It is not the registrar but the minister of finance who is responsible for setting prudential regulations. Prescribed prudential returns and instructions for their completion are included in the regulations issued by the minister. The registrar’s formal role in this respect is limited to issuing circulars with guidelines regarding the application and interpretation of the provisions of the Act (BA section 6(4)). In practice, however, it is the registrar who takes the initiative for changes to regulations and who prepares the drafts that are issued for consultation. |
| Principle 1(4) | Legal powers. A suitable legal framework for banking supervision is also necessary, including powers to address compliance with laws as well as safety and soundness concerns. |
| Description | The BA provides the registrar with an appropriate range of tools to address issues in banks. It is at his discretion to decide which tool to use in a particular case. Especially the registrar’s power to increase a bank’s individual capital requirement (Regulation 38(4)) or to derecognize the fitness and propriety of its executive officers (BA section 60(6)(a)), enable him to make banks take such action as he deems necessary. By virtue of BA section 6, the BSD has full access to all relevant information from banks, their parents and their subsidiaries, including internal management information. The BSD also has full access to banks’ boards, managers and staff and in fact meets with them frequently. Under the BA the minister’s approval is needed for the cancellation or suspension of a bank’s registration (BA section 23). Also, if in the opinion of the registrar a bank will be unable to meet its obligations, it is the minister who may appoint a curator to the bank if he deems this in the public interest (BA section 69); an additional condition in this case is that the written consent of the chief executive officer or the chairperson of the board of the bank concerned is required. |
| Assessment | Largely compliant. |
| Comments | In order to ensure that the registrar’s ability to act decisively when banks encounter serious difficulties will not be hampered, the minister’s role in supervisory remedial actions and the required consent of the bank’s CEO or chairperson for the appointment of a curator need to be reconsidered. |
| Principle 1(5) | Legal protection. A suitable legal framework for banking supervision is also necessary, including legal protection for supervisors. |
| Description | Section 88 of the Banks Act provides that no liability shall attach to the SARB or, either in his or her official or personal capacity, to any member of its board of directors, the registrar or any other employee, for any loss sustained by or damage caused to any person as a result of anything done or omitted in the bona fide performance of any function or duty under the Act. |
| Assessment | Compliant. |
| Comments | |
| Principle 1(6) | Cooperation. Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place. |
| Description | Section 33 of the SARB Act indicates that BSD, as part of the SARB, is obliged to preserve the secrecy of any information acquired in the performance of its duties, except vis-à-vis the minister of finance or when under a court order. Notwithstanding this provision, BA section 89 allows the registrar to provide at his discretion information to domestic public officials if that information is essential to the proper performance of the latter’s functions, and to foreign supervisory authorities if the registrar is satisfied that the recipient is willing and able to keep the information confidential. The BA does not require the registrar to ensure that the recipient of such information maintains its confidentiality, but he does in practice do so. The Promotion of Access to Information Act of 2000 has cast some doubt on the registrar’s ability to maintain the confidentiality of information, but in practice it has not so far led to any problems. The Regulations under the BA indicate that the content of the prudential returns is confidential and not available for inspection by the public. MOUs are in place between the SARB’s BSD on the one hand and the FSB and thirteen foreign bank supervisory authorities on the other. MOUs between the SARB and a further twenty-one foreign supervisors, as well as with the FIC and the NCR, are in various stages of preparation. The BSD has organized supervisory colleges for host country supervisors of branches and subsidiaries of South African banks, and has attended foreign supervisors’ colleges in the role of a host supervisor. Regular meetings take place between the BSD and other relevant domestic authorities (e.g., consolidated banking group meetings with the FSB). |
| Assessment | Compliant. |
| Comments | |
| Principle 2 | Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks must be clearly defined, and the use of the word “bank” in names should be controlled as far as possible. |
| Description | The terms “bank” and “business of a bank” are defined in section 1 of the BA. The “business of a bank” is defined principally as the taking of deposits and the use of the proceeds for lending and investment, as well as “any other activity which the registrar has ….. by notice in the Gazette declared to be the business of a bank”. It does not include banking-like business carried out by cooperatives (subject to such conditions as may be prescribed) and by institutions covered by other acts and designated by the minister of finance (e.g., mutual banks). However, such business is also subject to supervision by the registrar (in the case of mutual banks) or by the Treasury (in the case of cooperative banks; however, as of March 2010 no cooperative banks existed). BA section 22 limits the use of the word “bank” in names to institutions that are registered in South Africa and foreign institutions that have been registered either as a branch or a representative office. A current list of authorized banks and registered branches of foreign banks is published on the SARB’s website. |
| Assessment | Compliant. |
| Comments | |
| Principle 3 | Licensing criteria. The licensing authority must have the power to set criteria and reject applications for establishments that do not meet the standards set. The licensing process, at a minimum, should consist of an assessment of the ownership structure and governance of the bank and its wider group, including the fitness and propriety of board members and senior management, its strategic and operating plan, internal controls and risk management, and its projected financial condition, including its capital base. Where the proposed owner or parent organization is a foreign bank, the prior consent of its home-country supervisor should be obtained. |
| Description | The licensing of banks in South Africa is a two-step process. First, the applicant must receive an authorization to establish a bank, and second, the applicant must be registered as a bank (BA sections 12 and 16). It is the registrar who decides on the granting or refusal of both authorization and registration. The registrar will not grant an application for authorization unless he is satisfied that a range of conditions specified in the BA is fulfilled (BA section 13). Among these conditions are the availability of sufficient financial means to meet the requirements of the BA, the ability and willingness of the applicant to run a bank successfully and prudently, as well as others. An authorization lapses automatically after 12 months, and it may be withdrawn by the registrar before that if false or misleading information has been furnished by the applicant. An application for authorization must be nearly as complete as would be required for registration. The authorization would normally be granted under certain conditions (e.g., bring in the required capital, find a suitable chief executive officer, find premises). Once these conditions are met, the registrar may grant registration subject to such further conditions as he may determine (BA sections 17 and 18). One of the requirements for being granted registration is that the registrar is satisfied that the applicant will be able to continuously meet the requirements of the Banks Act (BA section 17(2)(b)). The licensing process is consistent with the BSD’s ongoing supervision process as described in its Supervisory Review and Evaluation Process (SREP) Manual. Before approval is granted, the registrar must be satisfied that the proposed bank will be able to submit the necessary returns on time in order for it to be properly supervised. Providing detailed information on all major shareholders is a requirement, and all shareholders, shareholding structures and sources of capital are evaluated and approved before registration. The evaluation includes an assessment of major shareholders’ ability to provide future financial support, and a letter of comfort is requested and received from all significant shareholders (i.e., shareholders holding more than 15 percent of the shares). Financial projections for the proposed bank are to be submitted with the application for authorization and registration. The BSD determines the viability of the projections. The minimum amount of initial capital is R 250,000,000 (BA section 70). As part of the registration process, directors and senior management are assessed for fitness and propriety, including an assessment of their knowledge of the proposed bank’s operations. The BSD has issued a Guidance Note recommending that new bank directors attend the directors training at the Gordon Institute of Business School (a well-regarded business school affiliated with the University of Pretoria). The BSD requires information on all business systems, business plans, management, auditors, etc. as part of the registration approval process. The process also includes the assessment of a bank’s policies and procedures regarding the detection and prevention of criminal activities and compliance with anti-money laundering requirements, although providing information on this is not yet required in the application form (Regulation 53, form BA 002). In case of a foreign bank wishing to set up a subsidiary or a branch in South Africa, the BSD seeks a written confirmation from the home supervisor that there is no objection to the proposed establishment, even though this is not required by the Banks Act (somewhat oddly, in the case of foreign banks wishing to set up a representative office in South Africa, there is such a requirement (BA section 34(2B)(b)(i))). The BSD will also seek to verify that the home supervisor practices consolidated supervision and meets international supervisory standards to a reasonable extent (BA section 18A(3)(b)). |
| Assessment | Compliant. |
| Comments | The BSD is in the process of including “…the detection and prevention of criminal activities …” in form BA 002 (Application for Authorisation/Registration) as well as Regulation 39 section (5) (minimum requirements for risk management processes, policies and procedures). |
| Principle 4 | Transfer of significant ownership. The supervisor has the power to review and reject any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. |
| Description | Section 37 of the Banks Act provides that no person shall acquire more than 15 percent of the nominal value or the voting rights of all the issued shares of a bank or a controlling company without the written approval of the registrar. For acquisitions in excess of 49 percent, the written permission of the minister of finance is required. Permission will not be granted if this would, in the view of the registrar or the minister, be contrary to the interests of the bank concerned or its depositors, or to the public interest. Section 38 provides that bank shares must actually be held by the beneficial shareholder, i.e., transfer to nominees is not allowed. Section 42 defines a “controlling interest” as an interest of more than 50 percent of the nominal value of all the issued shares of a bank. Banks have to provide the BSD with an annual return concerning their shareholders (form BA 125). Dividends shall not be paid, and voting rights cannot be exercised, on shares that have been obtained in contravention of the provisions of the Banks Act (BA section 41). There is no specific requirement for banks to notify the BSD of any material information that may negatively affect the suitability of a major shareholder, but the BSD is of the view that such a requirement follows from the general obligation of a bank’s directors to act in good faith. |
| Assessment | Compliant. |
| Comments | Consider introducing a specific legal requirement for banks to notify the BSD of material information that negatively affects the suitability of its shareholders. The threshold of 15 percent beyond which supervisory approval is needed for acquiring shares in a bank appears to be rather high by international comparison – many countries have set the threshold at either 5 or 10 percent of a bank’s capital – but in the BSD’s experience this has not caused any problems. |
| Principle 5 | Major acquisitions. The supervisor has the power to review major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations and confirmation that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision. |
| Description | Section 52 of the Banks Act stipulates inter alia that a bank shall not—without the prior written approval of the registrar and subject to such conditions as the registrar may set—establish or acquire a subsidiary, or invest more than 5 percent of its capital and reserves in a joint venture. Regulation 56 sets out the information that needs to be submitted to the registrar with an application for permission for investing in subsidiaries or joint ventures. The criteria by which the registrar assesses applications for such investment are not spelled out in laws or regulations. The BSD’s SREP Manual (under “Consolidated Supervision” → “Section 52 Policy”) describes the process followed by the BSD to assess applications for investments by banks or controlling companies. The process includes analysis of the bank’s shareholders, financial strength, legal and operational structure, risk profile and quality of management, as well as—in the case of foreign acquisitions or investments—secrecy laws and other regulations that might hinder information flows. Section 50 of the Banks Act provides that a company controlling a bank shall manage its investments in non-banking activities in such a manner that these investments do not exceed a certain threshold. This threshold has been set by the registrar at 40 percent of share capital and reserves (the so-called 60/40-rule). In other words, a bank controlling company is required to focus predominantly on banking activities. A bank’s non-banking activities are further restricted by BA section 76, which sets a limit to the sum of a bank’s investments in real estate and shares, and loans to subsidiaries. |
| Assessment | Largely compliant. |
| Comments | The Banks Act and the Regulations do not define the amounts (absolute or in relation to a bank’s capital) of investments by a bank in a subsidiary that need prior supervisory approval. Neither are the criteria specified that the registrar uses for approving or disapproving proposed investments in subsidiaries and joint ventures, although to some extent these are implicit in the information that has to submitted with an application for permission for acquisitions or investments (Regulation 56). Neither does the Banks Act nor any Regulation or BSD circular clearly indicate for which cases notification after the investment or acquisition is sufficient. Apparently all acquisitions and investments, no matter how small, require the registrar’s prior approval. The efficiency of the BSD’s use of resources might be increased, and the burden that supervision puts on the banks might be reduced, by exempting investments and acquisitions under a certain threshold from prior approval. |
| Principle 6 | Capital adequacy. Supervisors must set prudent and appropriate minimum capital adequacy requirements for banks that reflect the risks that the bank undertakes and must define the components of capital, bearing in mind its ability to absorb losses. At least for internationally active banks, these requirements must not be less than those established in the applicable Basel requirement. |
| Description | The capital adequacy rules apply to all banks in South Africa, including foreign branches, on a consolidated and solo basis. Section 70 of the Banks Act sets an absolute and a risk based minimum capital requirement for banks on a solo basis. Similarly, Section 70A of the Act sets a risk based minimum amount of capital for the controlling company on a consolidated basis. Section 4 of the Act allows the registrar to publish the factors relating to the setting of the capital adequacy ratios that are in excess of the prescribed minimum capital adequacy ratio. The capital of a bank is the sum of primary (Tier 1) and secondary (Tier 2) and tertiary (Tier 3) capital. Tier 1 capital must constitute at least 50 percent of the bank’s capital. The definitions of the capital components and the deductions applied to Tier 1 and total capital are specified in Regulation 38 (9–16) and Regulation 234 respectively and are in line with, and in many instances stricter than, the Basel requirements. The SARB implemented Basel II on 1 January 2008 for all banks5, except the mutual banks which remain on Basel I. Paragraph 4 of Regulation 38 gives the BSD the authority to set each bank’s capital ratio at any time and sets the minimum Tier 1 ratio at 7 percent, the minimum core Tier 1 ratio at 5.25 percent and the minimum total capital ratio at 9.5 percent. The 1.5 percent additional systemic requirement (Pillar 2a charge defined in reporting form BA700) across the board on top of the internationally agreed minimum capital ratio of 8 percent was imposed to align the Basel II underlying assumptions (for example, the calibration based on a diversified internationally active bank) to an emerging market environment. Although it is subject to continuous assessment, this systemic add-on was last determined at the time of the Basel II implementation 2008 on a capital planning cycle basis (3 to 5 years). Additionally, banks are required to keep an idiosyncratic capital buffer (Pillar 2b charge), as determined by the registrar reflecting the individual risk profile. The sum of both is regarded as the hard floor, based on which banks are required to set their target ratios. To ensure consistency, this idiosyncratic add-on is periodically set by the BSD review panel on a regular basis in function of the risk profile of the bank. The frequency of review varies with the BSD risk assessment of the bank. The BSD closely monitors compliance with the minimum capital ratio reported by the banks. In case of non-compliance, Section 74 of the Banks Act allows the registrar to impose fines. In practice however, the registrar will engage with the bank well before the ratio falls below the minimum. During that time, he also has the ability to use a variety of other enforcement powers under the Banks Act and the Regulations, for example the suspension of dividends or the issuance of a directive. The registrar also has the authority to require banks to adopt more forward looking approaches to capital management. In January 2009, the BSD used moral suasion to encourage the banks to increase their Tier 1 ratio due to the expected changes in market conditions. There have been no instances of a bank refusing to comply with capital adequacy requirements. By assessing the ICAAP and strategy of a bank, the BSD can also determine the overall capital adequacy in relation to a bank’s risk profile. The ICAAP assessment is performed at least biannually for low risk banks and annually for higher risk banks. Bank’s ICAAPs are discussed during prudential meetings with the relevant banks. The registrar allows the banks to use the Basel II advanced approaches for credit and operational risk as well as the internal models method for market risk. The accreditation for the use of internal risk estimates as regulatory inputs by particular banks is subject to rigorous qualifying standards and to the approval of the registrar (Regulation 23(10) a for the IRB approaches, Regulation 33(3)(b-c) for the advanced approaches for operational risk and Regulation 28(4)b for market risk). The registrar has the explicit power to revoke accreditation for the operational risk advanced approaches (Regulation 33(6)), but no explicit powers to revoke the advanced approach are included in the regulation for credit and market risk. However, the registrar has included the revocation power in the conditions for approval for the use of advanced approaches for credit and market risk. |
| Assessment | Largely compliant. |
| Comments | The BSD is to be commended for its early adoption and full implementation of the Basel II framework in an emerging market environment on 1 January 2008, and its continuous efforts to remain in line with subsequent international developments. There is no explicit power for the registrar to revoke the use of the advanced approaches for credit or market risk. Although the accreditation conditions point out that banks need the registrar’s prior written approval and banks are continuously required to meet the advanced model user conditions, an explicit revocation power should be added to the regulation, similar to Regulation 33(6) on operational risk. |
| Principle 7 | Risk management process. Supervisors must be satisfied that banks and banking groups have in place a comprehensive risk management process (including board and senior management oversight) to identify, evaluate, monitor, and control or mitigate all material risks and to assess their overall capital adequacy in relation to their risk profile. These processes should be commensurate with the size and complexity of the institution. |
| Description | Section 60B (1) of the Banks Act requires that the board of directors of any bank establish and maintain an adequate and effective process of corporate governance. The objectives of the corporate governance process are detailed in Section 60 B (2). Section 64A of the Banks Act requires, unless the registrar grants an exemption, the Risk and Capital Committee of the board to establish an independent risk management function and a group risk management function, where applicable. These legal provisions further cascade into Regulation 39 (4) which requires banks to have in place comprehensive risk management processes and board approved policies and procedures to identify, measure, monitor, control and report risk. Regulation 36 (17) ensures these requirements also apply to controlling companies. Regulation 39 (5) specifies the minimum requirements for the risk management processes and procedures. Furthermore, regulation 39 (15-17) specifically outlines the minimum requirements for board and senior management oversight, sound capital assessment, monitoring and reporting and internal control reviews. The requirement for the risk management processes, strategies and procedures to be duly documented is stated in Regulation 39 (5)f. Supervisory verification is guided by the SREP Manual “Analytical Framework – Corporate Governance and Risk Management”. The BSD obtains the bank’s policies and assesses their continuous adequacy and compliance with all aspects of the legislation and Regulation 39 during prudential meetings with the risk managers and heads of business units of the relevant banks. The frequency of the meetings depends on the risk based risk rating (set by the BSD) of the bank. It also verifies whether the bank’s policies are approved by the board and effectively implemented, appropriate limits are established and senior management monitors and controls all material risks. During its prudential meetings, the BSD makes an assessment of the timely reporting of risk information to the board and senior management. Various risk areas are discussed and an assessment of whether the policies and processes are appropriate in light of the bank’s risk profile and business plan is made. With regard to the new products, the bank’s policies and processes and in particular the role of the board are also verified. Should concerns arise, the BSD will perform a focused onsite visit or require internal or external auditors to review specific areas for compliance with banks policies, including limits. The board is also required to at least once a year assess and document whether the processes relating to corporate governance, internal controls, risk management, capital management and capital adequacy implemented by the bank achieve the objectives specified by the board (Regulation 39 (18)). This assessment is subject to review by external auditors. Through the assessment of a bank’s ICAAP, the BSD also determines whether senior management and the board understand the risks being taken and how that impacts on capital adequacy. In this respect, discussions between the registrar and the board, held at least biannually and annually for higher risk banks, also allow the registrar to gauge the board’s understanding. The board members involvement in the implementation of the ICAAP process was tabled as a “flavor of the year” topic6 in 2008. The ICAAP covers all material risks that a bank faces including the risks not directly addressed by the Core Principles like strategic and reputational risks. In case the registrar determines that the risk bank’s policies, processes and procedures relating to its risk assessment are inadequate, he has the power, in accordance with Regulation 38 (4), to require the bank to maintain additional capital and/or to strengthen its risk management policies or internal control systems. The Regulations require banks and controlling companies to perform a variety of Pillar 1 and Pillar 2 stress tests. Guidance note 9/2008 was issued by the BSD in 2008 to clarify supervisory expectations when performing the stress tests. For the banks that use internal models to measure components of risk, the BSD has a robust approval process in place and ensures that banks perform periodic and independent validation and testing of models and systems. The registrar has issued regulations related to, in particular, credit risk (Regulation 23 and 24), market risk (Regulation 28), liquidity risk (Regulation 26), interest rate risk in the banking book (Regulation 30) and operational risk (Regulation 33 and 34) |
| Assessment | Compliant. |
| Comments | |
| Principle 8 | Credit risk. Supervisors must be satisfied that banks have a credit risk management process that takes into account the risk profile of the institution, with prudent policies and processes to identify, measure, monitor, and control credit risk (including counterparty risk). This would include the granting of loans and making of investments, the evaluation of the quality of such loans and investments, and the ongoing management of the loan and investment portfolios. |
| Description | As described under Principle 7, Regulation 39 lays out the responsibility of the board of directors and senior management to ensure that effective credit risk management is in place and is adequate for the needs of the bank. In this respect, sub-regulations (7) to (12) of Regulation 39 specify strict governance requirements for IRB banks, like the requirement for the board of directors and senior management to approve all material aspects of the bank’s rating and risk estimation processes. Section 6 and 7 of the Banks Act provide the registrar with full access to information in the credit and investment portfolios. Section 60 of the Banks Act requires each director, chief executive officer or executive officer of a bank to avoid any conflict between the bank’s interest and his interest. As noted under Principle 7, the board also performs a yearly self assessment of the appropriateness of the governance processes. Regulations 23 and 24 drill further down into the more specific qualitative and quantitative requirements for credit risk for the IRB and standardized approaches. As part of the planning process, the BSD requires IRB banks to complete a questionnaire in the form of a self-assessment template provided by the BSD, which forms an important part of the supervisory process. The bank’s answers will be the basis for analysis and discussion of credit risk management strategies and significant policies and processes during prudential meetings focused on credit risk. The BSD also performs in-depth quantitative analysis, consisting of peer group comparisons and trend analysis, of the monthly returns. These findings allow the supervision team to challenge the bank’s senior management periodically on credit risk issues. Moreover, for IRB banks the BSD’s credit risk specialists perform specific onsite visits focusing on the wholesale and the retail portfolio as well as the review of new model developments. The assessment team reviewed the 2009 onsite IRB visits schedule and obtained confirmation from the relevant banks on the frequency and rigor of these reviews and the IRB accreditation process in general. For an additional verification of the adequacy and effectiveness of a bank’s policies and procedures, the BSD significantly relies on the work of internal and external auditors. For all banks, in accordance with Regulation 46 (4), the external auditor reports to the registrar on any significant weaknesses in the system of internal controls relating to the granting of loans, the making of investments, the ongoing management of the loan and investment portfolios and the relevant credit impairments or loan loss provisions and reserves. In respect of the work performed by external auditors, the BSD held extensive discussions with the South African Institute of Chartered Accountants to ensure the appropriateness of the regulation 46-reports in view of the applicable standards on auditing, review engagements and assurance engagements as well as the BSDrequirements. The content of the reports was signed off by both parties after mutual agreement. Regulation 46-reports are therefore based on detailed criteria developed jointly by the BSD and the external auditors. It is important to note that some of the audit opinions reviewed by the assessment team were “limited assurance” opinions, meaning that the auditor will only report significant weaknesses noted while performing his duties. In such cases, he will not perform any additional procedures to identify significant weaknesses in internal control unless specifically asked by the BSD. During bilateral meetings with the auditors the BSD may request additional work to be done on specific credit risk issues identified through monthly analysis and queries, graph discussions and prudential meetings, which include matters related to internal controls. These requests, when made, are stipulated in a formal letter to the external auditors. For IRB banks only, external auditors also perform an additional annual review (long form report) of the bank’s estimates and models used for the IRB approaches. These auditors reports are reviewed, assessed and discussed by the BSD with the auditors (bilateral meeting) as well as with the bank’s audit committee and external auditors as part of the trilateral meeting. Sample reports of both categories that is a Regulation 46(4) and a long form report, were reviewed by the assessment team and were considered thorough and professional. Regular monitoring and peer group benchmarking of the quantitative estimates by credit risk specialists are in place. The outcomes of these reviews are shared and debated with the banks. The assessment team examined a sample monitoring report and considered the scope and level of detail adequate for its purpose. Annual reviews of compliance with the IRB requirements are carried out by the BSD or by the external auditors. For the standardized banks, an onsite review team of the BSD has over the past year mainly focused on the correct implementation of the standardized approach. Areas covered during on-sites include the correct assignment of risk weightings to exposures, the use of eligible credit assessment institutions, the compliance with specific collateral requirements, the assignment of exposures to past due buckets etc. The reviews are performed on a portfolio basis as well as on a sample transaction basis, with specific exposures being selected and compliance with documentation requirements verified. The assessment team reviewed the visit schedule and work plan of the review team. Section 73 of the Banks Act requires that credit decisions in excess 10 percent of qualifying capital are taken by a board appointed committee and exposures exceeding 25 percent of qualifying capital require additional approval by the registrar. All banks submit an ICAAP which includes credit concentration risk. For its own analytical purposes, the BSD keeps a record of large outstanding credit exposures by individual banks. The BSD does not have a specific stipulation in its regulations or the law that requires banks to monitor the total indebtedness of entities to which they extend credit. Nevertheless, during its onsite visits of standardized banks, the review team focused on the limit for individual exposures to be classified as retail exposures under Basel II. Hence, it analyzed and assessed current practices of banks in terms of aggregation of exposures to a particular counterpart. |
| Assessment | Compliant. |
| Comments | |
| Principle 9 | Problem assets, provisions, and reserves. Supervisors must be satisfied that banks establish and adhere to adequate policies and processes for managing problem assets and evaluating the adequacy of provisions and reserves. |
| Description | Regulation 23 (22) requires banks to have a “sufficiently robust system for the calculation of credit impairment” in accordance with Financial Reporting Standards. The definition of impaired assets in this regulation explicitly includes off-balance sheet exposures, with reporting requirements encompassing both on and off balance sheet items. Regulation 24 (5)(c) specifies criteria for assets of standardized banks to be classified into specific loss categories (special mention, substandard, doubtful and loss) but does not specify prescribed provisioning percentages for the categories. Regulation 23 (22)b gives the power to the registrar to require the relevant bank to raise provisions if he believes they are inadequate. For the supervisory verification of the adequacy of banks’ treatment of problem assets the BSD relies partly on work done by external auditors. External auditors review the adequacy of bank’s policies and provisioning as part of the annual audit with the application of Financial Reporting Standards. They also report, in a limited assurance opinion, as part of the Regulation 46(4) report on significant weaknesses in the system of internal control as regards policies, practices and procedures of the bank relating to credit impairments or loan loss provisions and reserves. That said, some of the requirements of the essential criteria of this core principle like the periodical assessment of the value of risk mitigants, the periodic review of problem assets, the adequacy of organizational resources for identification, the oversight and collection of problem assets, the timely and appropriate information to the board of the condition of the asset portfolio are not explicitly captured by the external auditors brief in Regulation 46 (4) or the regulation. They form part of a “sufficiently robust system for calculation of credit impairment”. It is recommended the BSD clarify its principles-based expectations of a “robust system for the calculation of credit impairment” in more detail in a regulation or a guidance note. The review team has focused on onsite reviews for standardized banks relating to the adequate implementation of the standardized approaches (refer Core Principle 8) including the correct classification of the overdue bucketing categories. The bank-specific supervisory team also performs quantitative analysis of the problem assets, including peer group comparisons and trend analysis, as reported in the monthly returns. These findings allow the supervision team to challenge the bank’s senior management periodically during prudential meetings and the board of directors, if required, on problem assets, provisioning and reserving issues. The assessment team reviewed a graph analysis presentation and concluded that this was comprehensive for its purposes. The BSD conducts regular prudential meetings with the banks’ management responsible for credit risk and, in addition, monitors issues identified by the internal audit function of a bank. On a monthly basis, the credit risk specialist function compares and monitors individual banks’ levels of impaired advances and levels of specific impairments against such advances with those of its peers (so-called credit risk Dashboard-report). Large or unexpected movements, as well as trends that appear to be out of line with the peer group for individual banks are followed up rigorously through discussions, working sessions or focused prudential meetings, depending on the gravity of the situation. In the course of 2009, the BSD performed a survey on credit risk across all banks, asking specific questions on collateral valuation, impairment and best estimates in 6 to 12 months time. The outcomes of the survey are likely to be used in the policy process with the objective to further refine the current standardized approach risk weights. |
| Assessment | Largely compliant. |
| Comments | BSD relies, as part of its supervisory approach, on the FRS provisions as audited by the external auditor and the outcomes of the external auditors report under Regulation 46 (4). It is recommended that more specific qualitative guidance on the BSD’s requirements be provided to the external auditors and/or the banks to ensure that all the essential criteria of this core principle are addressed. This applies in particular to areas such as the periodical assessment of the value of risk mitigants, the periodic review of problem assets, the adequacy of organizational resources for identification, the oversight and collection of problem assets, and the timely and appropriate information to the board of the condition of the asset portfolio. The BSD should also clarify its expectations with regard to forward looking provisioning for prudential purposes with banks and/or external auditors. More explicitly, a general allowance for credit impairment is not a clearly defined concept under IFRS and part of it may be included in Tier 2 capital. |
| Principle 10 | Large exposure limits. Supervisors must be satisfied that banks have policies and processes that enable management to identify and manage concentrations within the portfolio, and supervisors must set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties. |
| Description | Regulation 39 (3) and (4) requires banks to ensure adequate policies and procedures to identify and manage concentration risk are in place. The criteria for determining “connected persons” are set out in Section 73(3)a as well as in Regulation 65, which defines the notions of person and connected person. Section 73(4) allows the registrar to exercise discretion on a case by case basis. The prudential concentration limits are set in Section 73 (1)a of the Banks Act, which requires banks to obtain board or board Committee approval for exposures greater than 10 percent of qualifying capital. Directive 5/2008 requires that in addition to executive representatives, at least three non executive directors are included in such board Committee. Furthermore, Section 73(1)b requires that the aggregate amount of all exposures exceeding 10 percent of qualifying capital be less than 800 percent of qualifying capital. Finally, Section 73 (2)a requires written approval of the registrar for exposures exceeding 25 percent of qualifying capital. Both Regulation 24(6) and (7) provide more detailed guidance of the concentration limits in place and explicitly require off balance sheet items to be included in the exposure calculation. Section 73(2) c, d and e of the Banks Act allows the registrar to require banks to hold additional capital or comply with prescribed conditions or requirements in case concentration risk is considered excessive. Banks are required to report concentration risk on a solo (reporting form BA 210) and consolidated basis (reporting form BA 600) including sectoral, currency and geographical concentration to the BSD on a quarterly basis. The BSD analyses concentration risk in the prudential returns. This analysis is the basis for discussion of concentration risk management strategies, policies and processes as well as timely and comprehensive reporting processes during prudential meetings with senior management focused on credit concentration risk. Based on these meetings, the BSD assesses if the banks risk management policies and procedures are adequate or if additional onsite work is required. Supplementary supervisory verification for standardized banks is also performed by the review team when performing on site exams of credit risk compliance. The credit risk specialist team also performs on site reviews for IRB bank during which they assess credit concentrations. The ICAAP periodically submitted by banks also includes concentration risk. A review of the ICAAP will also allow the supervision team to challenge the bank’s senior management periodically and the board of directors at least annually on concentration risk. The assessment team reviewed the supervisory files relating to the ICAAP of one of the larger banks and concluded that the review was comprehensive. |
| Assessment | Compliant. |
| Comments | |
| Principle 11 | Exposures to related parties. In order to prevent abuses arising from exposures (both on balance sheet and off balance sheet) to related parties and to address conflicts of interest, supervisors must have in place requirements that banks extend exposures to related companies and individuals on an arm’s length basis; these exposures are effectively monitored; appropriate steps are taken to control or mitigate the risks; and write-offs of such exposures are made according to standard policies and processes. |
| Description | A comprehensive definition of a “related person” (including both natural and legal persons) is provided in Regulation 36(6)(c). The definition includes “any other person or entity specified in writing by the registrar”. Regulation 36(15) requires inter alia that a bank shall have board approved policies in place to control the risks of related party exposures, that no exposure to a related person shall be extended on more favorable terms than a similar exposure to a non-related person, that persons benefiting from the exposure shall not be responsible for the loan assessment or the credit decision, and that any extension of credit to a related person is duly documented and monitored. The Regulation allows the registrar to require from a bank that specific related party exposures are deducted from its capital, or that adequate collateral is obtained, if in his opinion the bank’s policies and processes for related party lending are inadequate. Aggregate limits for related party exposures are the same as those for large exposures. For the verification of compliance with the requirements with respect to related party exposures, the SREP Manual foresees that BSD staff meet with a bank’s credit risk managers to obtain information on individual and aggregate related party exposures and to discuss whether the requirements of Regulation 36(15) are adhered to. During such meetings, confirmation will also be sought that banks’ senior management monitors related party transactions on an on-going basis. In addition, external auditors verify related party exposures as part of their audit of the annual financial statements. Related party exposures (with the exception of intragroup exposures exceeding 1 percent of group qualifying capital and reserve funds) are not regularly reported to the BSD either on an individual or on an aggregate basis (unless they fall in the large exposures category). |
| Assessment | Materially non-compliant. |
| Comments | The BSD does not obtain on a regular basis comprehensive information on banks’ aggregate exposures to related parties. It is currently considering the inclusion of related party exposures as a separate reportable item on form BA 600 (Consolidated return which already includes reporting of group large exposures). Neither does the BSD obtain regular information on individual related party exposures, which makes it doubtful whether it would be able to use its authority to instruct a bank to deduct such exposures from its capital effectively. The BSD does not yet require that transactions with related parties and the write-off of related party exposures exceeding specified amounts or otherwise posing special risk are subject to prior approval by the bank’s board. However, it is currently in the process of proposing amendments to Regulation 36(15) to include these requirements, as well as a requirement that persons benefiting from a particular exposure shall not be responsible for managing that exposure. In addition, there is no specific requirement for banks to have policies and processes to identify individual exposures to related parties. Prior board approval is not yet required for a bank’s transactions with related parties in excess of specified amounts. An amendment to Regulation 36 incorporating such a requirement is currently under preparation. |
| Principle 12 | Country and transfer risks. Supervisors must be satisfied that banks have adequate policies and processes for identifying, measuring, monitoring, and controlling country risk and transfer risk in their international lending and investment activities and for maintaining adequate provisions and reserves against such risks. |
| Description | There are no specific regulations or prudential limits in place for country risk or transfer risk as these risks are expected to be captured in the overall credit risk management framework of banks. The scope of Regulation 39 includes translation risk and concentration risk (paragraph 2). Also, regulation 39 (5)(f) requires banks to establish risk management processes that are significantly robust to promptly identify material concentrations in respect of counterparties in the same geographic region. Regulation 56(2)(b)(xii)(D) requires a bank to provide the BSD with an evaluation of country and transfer risk of the host country when a bank plans to acquire or establish an off-shore subsidiary, off-shore branches, joint ventures or other interest. There is, however, no explicit requirement in the legislation or regulation that banks must continuously monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures. Every quarter, banks are required to report form BA210 which breaks down exposures by 6 geographic regions (Africa (other than South Africa), Europe, Asia, North America, South America and Other) and by external credit ratings. Additionally, the BSD receives reporting from the foreign subsidiaries or operations of domestic banks which allows it to monitor country and transfer risk to some extent but no consolidated view of individual country risk is reported. In practice, high level discussions with a selected number of individual banks with cross border exposures confirm that policies and procedures are generally established. Their adequacy and implementation is captured through discussions at prudential meetings. In addition, banks that have significant country and/or transfer risk exposures are expected by the BSD to take these into account in their ICAAP (the assessors were shown evidence that some banks actually do so). Although external auditors are required to review compliance with reporting of large exposures, credit concentration risk as well as provisioning, there is no reference to country risk in particular. |
| Assessment | Materially non-compliant. |
| Comments | A regulation specifically dealing with country and transfer risk should be promulgated since these are material risks to some of the banks. The granularity of regional exposures on form BA210 should be increased so that the BSD is in a position to monitor country and transfer risk on an ongoing basis. |
| Principle 13 | Market risk. Supervisors must be satisfied that banks have in place policies and processes that accurately identify, measure, monitor, and control market risks; supervisors should have powers to impose specific limits and/or a specific capital charge on market risk exposures, if warranted. |
| Description | Regulation 39 clearly establishes the responsibility of the board of directors of a bank in engaged in activities that give rise to market risk. Regulation 28 (6) requires every bank to have in place, inter alia, written board approved policies and procedures clearly establishing criteria for allocation to the trading or banking book, a risk appetite statement including the nature and extent of trading activities and an annual review of said policies and procedures. Regulation 28(4) prescribes the methodology for capital requirements and establishes prudential limits for specific market risks, including interest rate risk, foreign exchange risk, equity position risk and commodity risk. Banks are required to hold capital against market risk using either the Standardized or the Internal model method or a combination of the two approaches. Regulation 28 (8) d-g sets out requirements with regard to stress testing and scenario analysis. The banks wishing to apply the internal models approach (currently 4 internal model approvals have been granted and one bank has applied) are subjected to an accreditation process as well as an annual onsite renewal review. They are required to provide signed market risk policies and limit mandates to the BSD. During these reviews (accreditation as well as annual reviews), policies, processes and controls are assessed and banks’ internal reports relating to model validation, monitoring, measuring and controlling market risk are reviewed. Furthermore, mark to market revaluations, valuation adjustments and reserving, back-testing exceptions, limit breaches and other control failures are analyzed. The scope of the onsite prudential meetings also includes a review of policies and systems for deal capture and deal input, as well as scenario analysis, stress testing and contingency planning requirements. Large banks are also required to account for reconciliation failures to the BSD on a quarterly basis. For some higher risk standardized banks, onsite prudential meetings on market risk covering some of the issues identified above are also scheduled. For the remaining banks, the BSD ensures that policies and processes are adhered to in practice and are subject to appropriate board and management oversight by a combination of reliance on internal audit, prudential meetings with senior management and desk reviews. Market Risk Specialist teams support the supervisors responsible for individual banks. Onsite prudential visits are undertaken by teams involving both the frontline supervisors and the market risk specialists, combining institutional knowledge with technical market risk expertise. Regulation 39 (13-14) requires that market data used to value trading book positions be verified by an independent price verification process at least once a month. Actual revaluation practices are tested during the Internal Models renewal review process and cross industry thematic reviews of market risk. Reporting forms BA 320 (monthly form that covers the standardized approach and the Internal Models Approach) and BA 325 (daily return that covers selected risk information, including the standardised approach and the Internal Models Approach) are periodically analyzed and compared with bank’s trading balance sheets, limit structures and financial performance. For internal model users, backtesting results are regularly provided to the BSD and in case these results indicate poor model specification, the models capital requirement multiplier will be adjusted. |
| Assessment | Compliant. |
| Comments | |
| Principle 14 | Liquidity risk. Supervisors must be satisfied that banks have a liquidity management strategy that takes into account the risk profile of the institution, with prudent policies and processes to identify, measure, monitor, and control liquidity risk and to manage liquidity on a day-to-day basis. Supervisors require banks to have contingency plans for handling liquidity problems. |
| Description | BA section 64A requires a bank’s board of directors to appoint at least three of its members to a risk and capital management committee. Its tasks include assisting the board in the establishment and implementation of policies and procedures designed to ensure that the bank identifies and measures all material risks and in developing a risk mitigation strategy. Regulation 39 on corporate governance lists the risks to be managed and includes liquidity risk. BA section 72 and Regulation 26 set minimum liquidity requirements for banks. The monthly reporting form BA 300 includes both on and off balance sheet liabilities such as undrawn lending commitments, guarantees and liquidity facilities provided to off balance sheet vehicles. The form also includes reports on the degree of concentration of deposits, balance sheet mismatches under business-as-usual as well as bank-specific stress assumptions, liquidity stress testing, available sources of stress funding, and maturity ladders for foreign currency positions. Banks foreign currency positions (gross assets and liabilities per currency) are reported on a daily basis in form BA 325 and are generally quite small. BA 325 also contains daily information on a bank’s participation in repo transactions with the SARB and interbank funding. Regulation 26 requires that a bank obtains the prior written approval of its board of directors or board approved committee for the assumptions applied in its asset and liability management process and in its liquidity stress testing. Compliance with this requirement, as well as with the requirements of BA section 64A and Regulation 39, is verified by the BSD by means of off-site and on-site reviews of relevant documentation and meetings with bank management. Because of the special significance of liquidity risk in the South African context, and to raise banks’ awareness of this fact, in 2009 the BSD conducted a thematic review of banks’ asset and liability management (ALM), including the management of liquidity risk and interest rate risk in the banking book. A detailed questionnaire was sent to the banks, including such items as the organizational structure and allocation of responsibilities for ALM, systems used, data sources, stress testing and contingency planning. On the basis of the answers received, as well as a prior review of relevant documentation (including internal audit reports on ALM), discussions were held with board members, senior managers and internal auditors. Also in 2009, the BSD has asked all bank boards to give a presentation on their degree of compliance with the “Principles for Sound Liquidity Risk Management and Supervision”, issued by the Basel Committee on Banking Supervision in October 2008. The two exercises have resulted in banks taking action—monitored by the BSD—to strengthen their liquidity risk management in those cases where shortcomings were found. This was particularly the case with respect to contingency planning for funding at some of the banks. |
| Assessment | Compliant. |
| Comments | In view of banks’ reliance on wholesale funding, and the resulting high degree of concentration of liabilities, the BSD should continue to closely monitor banks’ liquidity management, including periodic review of liquidity stress testing and contingency planning. Where material exposures to foreign currencies exist, the BSD should ensure that its ALM reviews include a more in-depth analysis of banks’ stress testing of foreign currency liquidity strategies, and that the results of such stress testing are a factor in determining the appropriateness of mismatches. |
| Principle 15 | Operational risk. Supervisors must be satisfied that banks have in place risk management policies and processes to identify, assess, monitor, and control/mitigate operational risk. These policies and processes should be commensurate with the size and complexity of the bank. |
| Description | The definition of operational risk is included in Regulation 65 and includes legal risk. As described under Core Principle 7, Regulation 39 lays out the responsibility of the board of directors and senior management to ensure that effective operational risk management is in place and is adequate for the needs of the bank. As noted under core principle 7, the board also performs a yearly self assessment of the appropriateness of the governance processes. Regulation 40 (4v) requires the board of directors to annually report to the registrar whether anything came to their attention that could indicate a material malfunction in functioning of internal controls, procedures and systems. Moreover, Regulation 47 calls for banks to report within 30 days any offences7 listed in paragraph 3 (a-f). Regulation 33 and 34 specifies the qualitative and quantitative criteria for the management of operational risk for banks on the standardized and the advanced measurement approaches respectively. Supervisory verification is guided by the SREP Manual “Analytical Framework – Operational Risk”. The BSD obtains the bank’s policies and assesses their continuous adequacy and compliance during prudential meetings. The Operational Risk specialist team also performs onsite visits. These reviews include focused operational risk reviews as well as advanced risk measurement accreditation visits (for the standardized and the advanced measurement approach under Basel II). The BSD includes IT risk in the scope of operational risk assessment work streams (e.g., Review of banks’ management reports covering IT, analysing internal loss data (form BA 410 returns—Business disruption and system failure—event type) and IT elements within the self assessments by banks for the advanced approaches.). That said, a comprehensive operational risk supervisory assessment is hampered by a specialist team that lacks strong IT skills. Hence, for the assessment of IT risk the BSD to a large extent relies on bank’s internal audit departments and the work done by external auditors as part of their certification of the annual accounts. Given that the integrity of IT systems is a cornerstone of operational risk management8 and that the work done by the external auditors is limited in scope, this is a weakness in the overall supervisory approach to operational risk management with banks. In 2008, the registrar raised board awareness to operational risk by tabling “the board’s involvement in the oversight of the banking institutions operational risk framework” as one of the topics to be discussed at the annual meetings between the registrar and the board of directors. This included the discussion of the three most severe operational risk events at the relevant board meeting. In 2006, the BSD required all banks to present their business continuity frameworks in respect to major business disruptions at the trilateral discussions. A specific format to structure the discussion is included in Circular 4/2006. Ongoing compliance with the business continuity requirements is verified as part of the operational risk onsite review. |
| Assessment | Largely compliant. |
| Comments | It is recommended that the BSD prioritize IT capacity building within its specialist risk areas in order to enable it to assess fully and adequately all aspects of banks’ operational risk management and thus to reduce reliance on the work on IT systems carried out by external auditors as part of their certification of the annual accounts. Board awareness for business continuity was raised in 2006 but the BSD should clarify its requirements into a regulation so that supervisory expectations are clear. |
| Principle 16 | Interest rate risk in the banking book. Supervisors must be satisfied that banks have effective systems in place to identify, measure, monitor, and control interest rate risk in the banking book, including a well-defined strategy that has been approved by the board and implemented by senior management; these should be appropriate to the size and complexity of such risk. |
| Description | Regulation 39 (1–5) and (16) require banks to have in place effective risk management processes, policies and procedures. Regulation 30 provides detailed requirements for the management of interest rate risk in the banking book. The SREP Manual section on “Interest rate risk in the banking book”—“ALM process” specifically addresses the supervisory assessment of interest rate risk in the banking book. Generally, a questionnaire is sent out to banks, which is followed by an assessment. The monthly reporting form BA330 deals with interest rate risk in the banking book and includes sensitivity analysis of net interest income and change in the economic value of equity. The BA330 forms are analyzed and discussed with senior management during the graph discussion. In case it is deemed necessary to go into further detail onsite, the BSD engages in more depth with senior management to verify the quality of the bank’s asset and liability management as well as the validation of the models and assumptions. For systemic relevant banks, an onsite visit will occur irrespective of the quality of the response and analysis reporting forms. In 2006, the BSD performed a thematic review across the industry on interest rate risk in the banking book. As part of its ICAAP process, the bank’s approach to interest rate risk in the banking book and the capital impact thereof is also analyzed and discussed with senior management of the bank. Regulation 39 (6)(e) refers to a general requirement for banks to regularly stress test their main risk exposures. Regulation 30 (23–36) has specific requirements for the calculation of interest rate sensitivity and stress testing to measure their vulnerability to loss under adverse interest rate movements. The outcomes are reported in the prudential reporting forms. Section 64A of the Banks Act requires, unless the registrar grants an exemption, the Risk and Capital Committee of the board to establish an independent risk management function and a group risk management function, where applicable. |
| Assessment | Compliant. |
| Comments | |
| Principle 17 | Internal control and audit. Supervisors must be satisfied that banks have in place internal controls that are adequate for the size and complexity of their business. These should include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. |
| Description | Internal control and audit requirements are anchored in the Banks Act and Regulation 39 which contain strict governance standards for banks. Section 60 of the Banks Act sets out the general duties of directors of a bank or controlling company. Section 60 B clearly assigns responsibility to the board of directors and the executive officers of a bank to establish and maintain an effective process of corporate governance. Section 64A of the Bank Act requires the board of directors of a Bank and/or a controlling company to appoint at least three of its members, of which at least two are non executive directors, to form and serve on a risk and capital committee. Regulation 39 provides further minimum requirements to the corporate governance processes in banks. The quality and exhaustiveness of the governance processes are assessed by the BSD during the information gathering meetings with internal audit, the head of the material risk areas, the compliance officer, external auditors (bilateral meeting) and the audit committee (trilateral meeting). As part of its supervisory process, the BSD also reviews minutes of the board on an ad hoc basis. For the adequacy of the accounting processes and policies, the BSD generally relies on the external auditor in accordance with Regulation 46 (3) which imposes the duty on the external auditor to report to the registrar any significant weaknesses in the system of internal control relating to financial regulatory reporting and compliance with the Act and Regulations which came to his attention. Regulation 42 requires banks to submit form BA020 for each person it wishes to appoint as a director or executive officer prior to the appointment. These applications are screened and consent is required from the registrar. The terms of Section 60 (6) allow the registrar to object to the appointment or continued employment of a chief executive officer, director or executive officer of a bank if the registrar reasonably believes that the person concerned is no longer fit and proper to hold that office or if the holding of such office by the person concerned is not in the interest of the public. Feedback obtained from banks on this process confirmed that this approval process is stringent and consistently applied. Regulation 49 requires banks to establish an independent compliance function and imposes minimum criteria on the compliance officer in terms of effectiveness, monitoring, reporting and resources. The Compliance officer is required to table a report at every meeting of the board of directors or Audit Committee. The BSD regularly meets with the compliance officer to assess and review compliance with this regulation. Regulation 48 outlines the required characteristics of the internal audit function. However, if the scale of a bank does not warrant a full time internal audit, the bank may agree alternative arrangements with the registrar (paragraph c, i and ii of Regulation 48). These exemptions have been granted to five banks and in these cases appropriately qualified accounting firms or individuals provide the internal audit service on an outsourced basis. The principles in Regulation 48 ensure independence of the internal audit function and adequate reporting lines toward management and the board. Internal audit is required to cover all activities of the bank to ensure the integrity and respect of its systems and internal controls. It has full access to all staff and to all functions, systems, and records of the bank as well as to outsourced functions. An Audit Committee, composed of a minimum of three non-executive members (Section 64(3)a of the Banks Act) must oversee the internal audit function. The supervisory assessment of the internal audit function is performed through annual bilateral meetings with the external auditors, where their view of the independence and competence of the bank’s internal audit function is solicited and the degree of reliance placed on the work performed by the bank’s internal audit function is clarified. In addition, the BSD indirectly assesses the quality of the internal audit function by a review of internal audit reports and a discussion with senior management, where appropriate. Furthermore, detailed prudential meetings are conducted with the internal audit function in order to directly assess the quality thereof. Regulation 47 imposes the duty on the bank to inform the registrar of any act of a member of the board of directors, an executive officer or an employee in charge of the risk management function that results or will probably result in the reputation of the bank being adversely affected. |
| Assessment | Compliant. |
| Comments | Corporate governance principles are in accordance with international standards, as they are inspired largely by the Basel Committee on Banking Supervision guidance with respect to internal audit and internal control. |
| Principle 18 | Abuse of financial services. Supervisors must be satisfied that banks have adequate policies and processes in place, including strict “know-your-customer” rules, that promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. |
| Description | A Financial Intelligence Centre (FIC) has been created by the FIC Act (FICA) of 2001. Its principal objectives are to assist in the identification of the proceeds of unlawful activities and the combating of money laundering and financing of terrorist activities (FICA section 3). To achieve its objectives, the FIC must cooperate with other authorities, including supervisory bodies (FICA section 4). Each supervisory body remains responsible for supervising compliance with the FICA by the institutions it supervises (FICA section 45(1)). FICA section 42 requires “accountable institutions” (including banks) to formulate and implement internal rules relating to the identification of clients and procedures for determining when a transaction is reportable to the FIC, while section 43 requires that adequate training be provided to staff to enable them to comply with the applicable requirements. For banks, the know-your-customer requirements are further specified in BA Regulation 36(17)(a). In addition, Regulation 47 lists offences that have to be reported to the registrar, including any money laundering activity in which the bank was involved and which was not identified and reported in a timely manner as required by the FICA, as well as cases of market abuse and financial fraud within the bank, and other irregularities. Regulation 50 further details the policies and procedures that have to be in place to guard a bank against being used for market abuse and financial fraud, including money laundering, insider trading and market manipulation. By virtue of BA section 60A, each bank is required to establish an independent compliance function, the duties of which are spelled out in detail in Regulation 49. Finally, FIC Guidance Note 3 provides detailed guidance for banks on customer identification and verification. This includes the special measures that need to be put in place in respect of correspondent banking relationships and high risk accounts such as those for politically exposed persons. The BSD reviews banks’ adherence to the requirements set out in the Regulations and follows up on concerns. The BSD requests copies of policies and procedures to ensure that a bank guards against abuse of its systems and conducts regular internal audit and compliance meetings with individual banks at which issues will be raised. Focused reviews are occasionally utilized by the BSD to ascertain whether banks comply with the minimum requirements in respect of abuse of financial services. The BSD also receives regular reports from banks’ compliance officers. Banks’ Chief Executive Officers, Chief Accounting Officers and the Executive Officers responsible for FICA compliance have to sign on a monthly basis form BA 099, certifying that the bank has complied with all the relevant requirements of the FICA and the Regulations issued under it. A detailed review of FICA compliance at the largest banks was commissioned by the BSD from an external audit firm under BA section 7(1)(b) in 2005. Another detailed review by the BSD itself of FICA compliance at the other banks, including sampling of credit files and documentation, has been carried out in 2006/2007. The outcomes of these reviews have been discussed with each bank’s compliance officer and have resulted in letters from the BSD with bank-specific recommendations, the follow-up of which it monitors. For enforcement, the BSD may if called for use its general regulatory powers, e.g., calling into question the fitness and propriety of a bank’s directors or withholding approval for expansion of the bank’s activities. FICA section 38(1) provides civil and criminal immunity to any person complying in good faith with the requirements to provide information about fraudulent or suspicious transactions to the authorities. FICA section 36(1) requires the registrar to make a report to the FIC if he knows or suspects that, as a result of a transaction concluded by or with a bank, the bank wittingly or unwittingly has received or is about to receive the proceeds of unlawful activities, or has been used or may be used in future for money laundering purposes. FICA section 40 provides for the exchange of information pursuant to a written agreement between the FIC and the supervisory bodies and other entities such as investigating authorities inside or outside South Africa. |
| Assessment | Compliant. |
| Comments | The FICA and other relevant Acts are currently being revised to implement recommendations made during a FATF assessment in 2008. With respect to banks, the main FATF recommendation was that the BA should include a specific provision allowing the registrar to impose fines on banks for offences against the FICA requirements. The BSD should consider expanding its in-house expertise on FICA matters. For example, it has no forensic expertise. For this, it relies exclusively on external audit firms. The BSD should ensure that all the aspects listed in Essential Criteria 4, 8 and 9 of the Core Principles Methodology are specifically addressed in the SREP Manual. |
| Principle 19 | Supervisory approach. An effective banking supervisory system requires that supervisors develop and maintain a thorough understanding of the operations of individual banks and banking groups—and of the banking system as a whole—focusing on safety and soundness and the stability of the banking system. |
| Description | The BSD receives extensive information on each bank’s operations from a variety of sources, including prudential returns, on-site work, meetings with various bank officers, review of documentation and auditors’ reports. On the basis of the information received, all banks are classified each quarter as either high, medium or low risk banks. The classification is based on a two dimensional approach: on the one hand account is taken of a bank’s (or banking group’s) size and complexity (i.e., its systemic relevance), and on the other the size of the risks and the quality of the controls within a particular bank are considered. A list of all banks and their risk classifications is included in the BSD’s quarterly management information document, which is tabled and discussed on a quarterly basis at the BSD’s management committee meeting. The risk classification determines the length of the supervisory cycle pertaining to a particular bank and the supervisory resources to be allocated. A systemically important bank with low bank-specific risk would be on a twelve month cycle, as would a bank with low systemic relevance but high bank-specific risk. Banks that are classified as medium risk would be on a 18 month cycle and banks classified as low risk would be on a 24 month cycle. In the case of high risk banks full reviews would be conducted, while for low risk banks low intensity reviews would be conducted, e.g., on the basis of questionnaires. Notwithstanding this, a large high risk bank would obviously be allocated more supervisory resources than a small high risk bank. The BSD’s Research Section analyses data submitted by banks from a sector perspective. The results are presented and discussed by the department’s management and staff on a monthly basis. In addition, the BSD’s Risk Specialists, besides doing bank-specific work, also focus on specific risk areas on a sector-wide basis. Analysis of the banking system as a whole forms part of the BSD’s quarterly management information document. The BSD also receives information from a macroprudential perspective from the SARB’s Financial Stability Department, and shares its own work with this Department. There is a MOU between the BSD and the FSB. Regular supervisory meetings are held with the FSB to discuss developments at the largest significant systemic banking/insurance groups. The purpose of these meetings is to enhance information sharing, identify issues of mutual interest and to work together towards greater consistency of approach, where appropriate. Meetings are also held with the National Credit Regulator to exchange views on the credit environment. The BSD’s methodology for assessing individual banks’ risk profiles and planning supervisory work is described in the Department’s Supervisory Review and Evaluation Process (SREP) Manual. The Manual describes the SREP cycle as a continuous process involving supervisory planning, gathering information, forming a view on the main risk areas, undertaking focused reviews and feedback to the bank’s management, including possible remedial actions or an increase in the bank’s individual capital requirement. Stress testing is employed to reinforce the risk assessment system’s forward-looking elements. Many parts of the Manual are currently still in a draft stage. The BSD considers it to be a live document that presumably still has to grow. The SREP Manual is a relatively new concept and as a result, the BSD had to update and/or change most of its previous (under Basel I) policy and procedural documentation. The BSD is in the process of turning all the documents contained within the SREP Manual into “approved” policy documents which is a time-consuming exercise. A committee has been established within the BSD especially for such approvals and to monitor changes to approved documents, going forward. One of the issues addressed during the SREP cycle is a review of banks’ adherence to the requirements set out in the Regulations. Regulation 49 requires banks to have an independent compliance function that continuously monitors the bank’s compliance with all applicable requirements and reports to the bank’s board or audit committee, while supplying a copy of its reports to the registrar. The BSD utilizes an internal “compliance checklist” to ascertain whether banks comply with all prudential requirements. The BSD conducts compliance meetings with banks at which issues are raised and followed up on. There is no explicit requirement for banks to inform the registrar of substantive changes in their business or material adverse developments, but in practice the registrar is known to insist on this and banks comply without exception. All data submitted by banks via the prudential returns are available on the BSD’s Oracle IT system. The system automatically creates graphs and reports and is suitable for cross-bank analysis as well as analysis of time series. Trends analysis, adherence to minimum requirements and peer analysis are performed utilizing the automated reports and graphs. Monthly and quarterly reports to management are prepared that highlight major developments and facilitate the identification of areas requiring supervisory action. All correspondence from and to banks is captured on the Papertrail system. Issues requiring follow-up action are kept in a paper-based “Issues File” that according to BSD management functions perfectly well. |
| Assessment | Compliant. |
| Comments | According to industry sources, the BSD focuses on the important risk areas within a bank. The BSD’s approach to risk-based supervision could be further strengthened by developing an IT tool that integrates risk analysis, planning of supervisory work and monitoring of follow-up actions. The risk classification is done on Excel sheets, while the monitoring system for follow-up actions (the so-called Issues File) is paper-based. Interaction between the BSD and the FSB has been strengthened but can be still further improved, for example by conducting joint inspections at group level and by exchanging supervisory reports on individual groups. See also the comments under CP 24. The SREP Manual is conceptually sound and the BSD is encouraged to develop it further, in particular by including more detailed guidance for BSD staff in their day-to-day work, but without it becoming a checklist. |
| Principle 20 | Supervisory techniques. An effective banking supervisory system should consist of on-site and off-site supervision and regular contacts with bank management. |
| Description | The BSD employs a mix of on-site and off-site supervision to evaluate the condition of banks, their inherent risks and to determine the supervisory measures that may be needed to address any identified concerns. The appropriate mix is determined for each bank during the SREP cycle (see under Principle 20), which begins with the formulation of a written supervisory plan. The main purpose of the supervisory plan is to ensure a disciplined and comprehensive planning process that forms the foundation for supervisory actions, interactions with the bank, and interventions. As new information becomes available during the cycle, the supervisory plan is continuously updated. In addition, the BSD Strategic Planning Process is a high level forum where strategic risks are identified for the ongoing supervisory activities. On-site and off-site work for a particular bank is performed by the same teams of analysts and risk specialists, ensuring effective coordination and information sharing. At the bi-weekly BSD management committee meetings feedback is given by all participants on on-site meetings that were held since the previous meeting. The feedback then flows to the rest of the BSD employees at divisional meetings, and in-depth discussions take place at the meetings of analysts and risk specialists. At the weekly correspondence meetings, the BSD management team discusses all correspondence with banks to ensure consistency of treatment. Feedback on this is also given to the BSD staff. On-site work consists of focused reviews, but also of frequent meetings with a bank’s board and board committees and managers at various levels. Focused reviews may be carried out by the BSD’s own analysts, risk specialists or on-site review team. It may also be outsourced to external auditors, external risk consultants, or other advisors (e.g., lawyers or forensic experts). The BSD has a credit risk review team consisting of six specialists, as well as three specialists on market risk, four quantitative experts, two experts on capital issues, one specialist on consolidated supervision, one on operational risk, and one on disclosure issues. The credit risk review team has over the past two years devoted its attention to the correct application of the Basel II standardized approach to credit risk by banks and has not been available for other work on credit risk at the banks that are using this approach (e.g., sampling credit files). The number of other specialists is also small, particularly when account is taken of the BSD’s ambition to apply the latest international supervisory standards. The BSD does not have its own experts on important and increasingly specialized areas such as IT risk and forensic work. Relatively strong reliance is therefore placed on special assignments to external auditors. Off-site reviews are used to analyze prudential returns as well as other sources of information such as auditors’ reports and published financial statements. This may result in the identification of areas within a bank that require detailed or specialized on-site review. The Issues Files are continuously updated and monitored to identify required follow-up actions. The SREP Manual outlines all meetings to be held during the specified supervisory cycle with a bank’s board of directors, audit committee, external auditors, internal audit, compliance function, heads of risk areas and other bank employees, as identified by BSD analysts or risk specialists. ICAAP reviews also form part of the supervisory program. Separate meetings take place with the independent board members. One of the functions of the meetings with the board and senior managers is to assess their quality. Board minutes are reviewed on-site to gain an understanding of the board’s involvement in setting the bank’s risk appetite and approving policies and procedures, and to ascertain the nature and detail of the issues being discussed. Trilateral meetings of a bank’s board, its external auditors and the BSD are held during which feedback is provided by the BSD. The BSD also reviews internal audit reports and the audit plan. External auditors are asked for their view of the quality of internal audit and to explain how much reliance was placed on internal auditors at the bilateral meetings. The final stage of the SREP cycle entails informing the bank of the BSD’s findings and follow-up actions the bank is expected to take by means of a letter as well as meetings. |
| Assessment | Compliant. |
| Comments | The BSD should consider expanding its staff to allow it to do more work on credit risk and on specialized areas such as IT risk and forensic investigations. |
| Principle 21 | Supervisory reporting. Supervisors must have a means of collecting, reviewing, and analyzing prudential reports and statistical returns from banks on both a solo and a consolidated basis and a means of independent verification of these reports, through either on-site examinations or the use of external experts. |
| Description | BA section 7 provides the registrar with the authority to require banks, their subsidiaries and controlling companies to furnish him on a regular basis with such information as he may reasonably require for the performance of his functions under the Act. BA section 75 specifically states that banks shall furnish the registrar with returns relating to capital adequacy and liquidity at such intervals and in such a form as the registrar may prescribe. Regulation 7 lists a range of returns that have to be submitted. These include balance sheets, off-balance sheet activities, income statements, information on shareholders, various returns relating to credit risk, market risk, liquidity risk, operational risk, large exposures, and others. All returns have to be submitted both on a solo and a consolidated basis. The returns have to be prepared in accordance with the International Financial Reporting Standards (IFRS). The appropriate application of the IFRS results in returns that provide a fair representation of the financial position and the risks of the bank. All banks have to report in relation to the same dates and periods, allowing for meaningful peer group comparisons. Peer comparisons are generated automatically to assist analysis. The reporting frequency varies from daily (return on selected risk exposures) to annually (return on shareholders), with most returns having to be submitted either on a monthly (for solo supervision) or on a quarterly basis (for consolidated supervision). The BSD has implemented validation rules that help prevent banks from submitting incorrect data in the prudential returns. The BSD also verifies the quality of data submitted by banks by means of on-site and off-site work. A bank’s chief executive officer, chief accounting officer and executive officer responsible for compliance with the FICA have to certify with each submission of prudential returns that the data are correct. A bank’s external auditor has to report to the registrar whether the submitted returns at year-end are in his opinion materially correct and complete (Regulation 46). In addition, a bank’s external auditor has to inform the registrar throughout the year on any matter which may endanger the continued viability of the bank or its ability to repay depositors, or which is contrary to the principles of sound management and internal controls (BA section 63). At the bilateral meetings between the BSD and the external auditors, the auditors are asked whether they are aware of any “material shortcomings” at a bank. BA section 91 lists non-compliance with the obligation to submit accurate and timely prudential returns as an offence, while section 91A allows the registrar to impose penalties for offences under the BA. By virtue of BA section 6, the BSD has full access to all relevant information from banks, their parents and their subsidiaries, including internal management information. The BSD also has full access to banks’ boards, managers and staff and in fact meets with them frequently. BA sections 7 and 85B allow the registrar to order banks to appoint outside experts to investigate any matter that the registrar may specify and to report to him on that matter. |
| Assessment | Largely compliant. |
| Comments | Although the range of periodic prudential returns is fairly wide, some essential information is not reported to the BSD on a regular basis. This includes related party lending (ref. Principle 11) and country and transfer risk (ref. Principle 12). |
| Principle 22 | Accounting and disclosure. Supervisors must be satisfied that each bank maintains adequate records drawn up in accordance with accounting policies and practices that are widely accepted internationally and publishes, on a regular basis, information that fairly reflects its financial condition and profitability. |
| Description | International Financial Reporting Standards (IFRS) promulgated by the IASB were enacted as South African law in 2004. It is a prerequisite to be registered as a public company before conducting business as a bank (Section 11 of the Banks Act). As stipulated by the Companies Act Section 284, it is the duty of every company to keep financial records. The Companies Act also requires that financial statements are subject to audit and publication. For banks specifically, Section 61 of the Banks Act requires the approval of the appointed external auditor by the registrar. Should the bank for any reason fail to appoint an auditor, Section 62 allows the registrar to appoint one himself. In accordance with Regulation 40 (4), directors of a bank are also required to annually report to the registrar whether or not the bank’s internal controls provide reasonable assurance as to the integrity and reliability of the bank’s financial statements. Regulation 3 requires banks to prepare all relevant prudential returns to the registrar in accordance with Financial Reporting Standards and provides specific risk management guidance for the application of the fair value option. The instructions to the various BA reporting forms also instruct banks as to the form of presentation and valuation methods. The registrar has the power to request external auditors to review areas outside normal audit procedures (Section 7 (1)b of the Banks Act). As described under Core Principle 8, under Regulation 46 (4) the external auditor also reports annually to the registrar on certain aspects of credit risk management for all banks. With regard to disclosure, Regulation 43 imposes specific qualitative and quantitative disclosure obligations on banks and requires banks to have a disclosure policy. The scope and level of detail of these disclosures are commensurate with the size and complexity of a bank’s operation. They are also aligned with Pillar 3 under the Basel II framework. In case banks do not comply with the required disclosures, the registrar can turn to the enforcement powers and remedial actions under the Banking Act and the Regulations. The registrar publishes periodic aggregated information on the banking system sourced from the prudential returns. A monthly overview of banking sector trends, including capital ratios, impaired advances, profitability indicators and balance sheet structure is also disclosed. Frequent interaction between the BSD and the external auditors (bilateral meetings) is an integral part of the BSD’s supervisory approach. Section 63 (1) of the Banking Act details the reporting duties of the auditor to the BSD. These include matters of material significance and the power of the registrar to require additional information relating to the matters listed. Paragraph 3 of Section 63 ensures that the auditor cannot be held liable for breach of a duty of confidentiality when reporting in good faith. Banks Act Directive 6/2008 establishes auditor rotation rules. The rotation of auditors does not require the rotation of the audit firm but rather the rotation of an audit firm’s lead and engagement partners. As indicated above, enforcement of these rules is materialized by the power of the registrar to refuse an external auditor. Although the registrar has no unfettered access to the working papers of the auditors, he can issue a directive to an auditor requiring him to provide the registrar with information or documents on a specific issue. |
| Assessment | Compliant. |
| Comments | |
| Principle 23 | Corrective and remedial powers of supervisors. Supervisors must have at their disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability, where appropriate, to revoke the banking license or to recommend its revocation. |
| Description | Throughout the SREP cycle, the BSD presents and discusses outcomes of reviews with the banks at meetings with the CEO, internal audit, compliance, heads of various risk areas, heads of business units and bilateral meetings with external auditors, as well as at the so-called graph discussions. Where areas of concern are identified, on-site reviews will take place, followed by feedback letters with requests for regular progress reports by the bank to BSD on required actions. Issues will be registered in the Issues File and progress will be monitored closely and followed up regularly. The BSD meets with boards of directors and has a trilateral meeting with the bank’s audit committee, external and internal audit at the end of the SREP cycle. Outside the formal SREP cycle, the registrar will personally contact bank CEOs on any concerns he may have at any time. Under BA section 25, the registrar can apply to a competent court for an order for cancellation or suspension of the registration of a bank. Pending the court order, the bank can continue its operations. In lieu of applying for a court order, the registrar may also restrict the activities of the bank in such respects as he may determine (BA section 26). Where a bank has obtained registration by submitting false or misleading information, or—in the case of a foreign bank operating in South Africa – where the home supervisor has revoked the parent bank’s license, the registrar needs the consent of the minister to cancel the bank’s registration (BA section 23). In these cases, the registrar need not go to a court. However, before restricting the activities of a bank under section 26, or cancelling or suspending the registration under section 23, the registrar needs to inform the bank of his intentions, explain the reasons, and allow the bank at least 30 days to argue why its registration should not be cancelled or suspended (BA section 24). As in the case where a court order is pending, the bank can in the meantime continue its operations without any restrictions. BA section 69 allows the minister to appoint a curator to a bank if the registrar is of the opinion that the bank will be unable to meet its obligations. However, for the appointment of a curator the written consent of the CEO or the chairperson of the board of the bank is required. The BA provides the registrar with an appropriate range of tools to address issues in banks on a going concern basis, including issuing directives to banks individually or collectively (BA section 6(6)(a)), raising an individual bank’s capital requirement or requiring the bank to strengthen its risk management and internal controls (Regulation 38(4)), declaring that a bank’s CEO or other officer is no longer fit and proper (BA section 60(6)(a)), imposing fines (BA section 91A), seeking court decisions on offences committed by a bank or its officers, or taking the initiative for a cancellation or suspension of a bank’s registration. Especially the registrar’s power to increase a bank’s individual capital requirement or to derecognize the fitness and propriety of its executive officers, enable him to make banks take such action as he deems necessary. The common law principles and prescriptions of the administrative law provide that an administrative action or decision should not only be appropriate and equitable, but should also be carried out without undue delay. Undue delays by the registrar that are also found to be in bad faith might result in the SARB or the registrar being liable for any damage caused by such a delay. BA section 70A(1)(b) allows for ring-fencing of a bank from the unregulated entities in a group. Under the MOU between the BSD and the FSB, the BSD would inform the FSB of material information (including remedial supervisory action) in respect of a bank that is part of a group that includes entities that are supervised by the FSB. |
| Assessment | Materially non-compliant. |
| Comments | The severe limitations on the registrar’s authority to cancel or suspend a bank’s license or to restrict a bank’s activities (BA sections 23–26), in particular the delay of at least 30 days between the announcement of such measures to a bank and their actual application, call seriously into question his ability to use these supervisory powers decisively, expediently and effectively. The same comment applies to the registrar’s inability to appoint a curator without the consent of the CEO or the chairperson of the board of the bank concerned, |
| Principle 24 | Consolidated supervision. An essential element of banking supervision is that supervisors supervise the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential norms to all aspects of the business conducted by the group worldwide. |
| Description | Banks and their controlling companies have to provide the registrar annually with detailed qualitative information on major shareholders, legal and operational group structure, strategy, risk management, business activities, etc (Regulation 36(8)(a)). Under Regulation 56(2)(a)(ix)(C), all banking groups have to submit a detailed organization chart biannually reflecting all interests under the bank or the controlling company. Additional information has to be provided to the registrar on his request (Regulation 36(8)(b)). Quantitative information on a consolidated basis relating to group capital adequacy, intragroup exposures, group large exposures (including related party exposures) and group foreign exchange exposures has to be reported quarterly (form BA 600); this includes information on significant non-banking financial activities and commercial activities. All significant entities (financial and non-financial) are listed on a line-by-line basis on the form BA 600 which enables the BSD to evaluate the risk an entity may pose on the banking group. As part of the supervisory review cycle, meetings are held with banks to discuss matters relating to the consolidated group. For each of the five largest banking groups, the BSD has a dedicated consolidated supervision analyst, and there is one consolidated supervision specialist. BA sections 70A and 73 allow prudential standards to be set for a banking group relating to capital requirements and concentration risk, respectively. Detailed standards including qualitative requirements have been set in Regulations 36 (Consolidated supervision), 37 (Consolidated supervision: foreign operations of South African banks), 38 (Capital adequacy on a solo and a consolidated basis) and 45 (Consolidated financial statements). BA sections 6 and 7 allow the BSD to obtain information from parent companies and their subsidiaries. BA section 4(4) lists the powers of the registrar under the supervisory review process. These powers include on-site and off-site review of banks or controlling companies and their branches, subsidiaries or related entities both within and outside South Africa, as well as discussions with board members, executive officers and risk managers, and a review of the work done by external auditors. BA section 52 requires the registrar’s prior written approval for establishing or acquiring a subsidiary or a branch, investing in joint ventures, and acquiring an interest in any undertaking registered outside South Africa. For all applications in terms of BA section 52, the BSD has a Section 52 Committee which will consider the impact that the proposed investment could have on the banking group, and the BSD may reject an application. The Committee will take into account the nature and extent of work carried out by the host supervisor. In case a bank is owned by an insurance company, the BSD cannot impose prudential standards on the group; such cases are covered in the regular meetings with the FSB which would in these cases as lead regulator have the wider responsibility for group oversight (the banking sub-group is subject to BSD consolidated supervision). For the acquisition or establishment of South African operations by foreign banks and cross-border banking operations by South African banks, the BSD requires the establishment of a MOU with the cross-border banking supervisor concerned. In several cases the BSD has rejected such applications because a MOU could not be established due to legal requirements in the foreign country concerned. MOUs are in place between the SARB’s BSD on the one hand and the FSB and thirteen foreign bank supervisory authorities on the other. The BSD occasionally sends staff abroad to meet with host supervisors and to conduct on-site work at the foreign operations of South African banks. Conversely, foreign bank supervisors come to South Africa to meet with the BSD and review the local operations of banks from their country. MOUs between the SARB and a further twenty-one foreign supervisors, as well as the FIC and the NCR, are in various stages of preparation. The BSD convenes ad-hoc meetings with foreign supervisors to promote the resolution of supervisory problems concerning a cross-border establishment in the respective other jurisdictions, whenever either side reasonably requests this on ground of a material supervisory concern. Quarterly meetings take place between the BSD and the FSB to discuss groups that have both banking activities and financial activities that are supervised by the FSB. Qualitative and quantitative information pertaining to each of the five major groups individually is exchanged and supervisory concerns are addressed. In addition, quarterly meetings are held between the BSD, the FSB and the SARB’s Financial Stability Department where financial sector developments are discussed. Supervisory reports are exchanged between the BSD and the FSB on an exceptions basis. There have been occasional joint meetings of the BSD and the FSB with senior management of banks. Meetings are held with banks to discuss the consolidated group and its corporate governance structures and management of risks and activities. Issues relating to the bank’s foreign operations, including branches, joint ventures and subsidiaries, are addressed. In addition, a quarterly return is submitted for all banking groups’ cross-border banking operations (form BA 610). Under Regulation 46, external auditors are required to issue a report on each foreign banking operation, which reports are reviewed and discussed at the trilateral meetings. Senior management appointments at the foreign banking operations of South African banks are subject to fitness and propriety testing by the BSD. The foreign operations are expected to report to the BSD on all interactions with their host supervisor. Under BA section 26, the BSD may restrict a bank’s activities (e.g., its foreign operations) if it has failed to comply with a requirement of the BA. |
| Assessment | Compliant. |
| Comments | Interaction between the BSD and the FSB can be further improved, e.g., by conducting joint inspections at group level and by exchanging supervisory reports on individual groups on a regular basis. Temporary secondments of staff would help to improve understanding of each others’ approaches and work methods and would facilitate communication at the operational level. Consideration could also be given to harmonization of regulatory requirements in areas of common interest, such as corporate governance and fitness and propriety. The power of the BSD to establish and enforce fit and proper standards for owners and senior managers of parent companies of banks is not clearly stated in the BA (ref. AC 1). |
| Principle 25 | Home-host relationships. Cross-border consolidated supervision requires cooperation and information exchange between home supervisors and the various other supervisors involved, primarily host banking supervisors. Banking supervisors must require the local operations of foreign banks to be conducted to the same standards as those required of domestic institutions. |
| Description | Section 4(3) of the Bank’s Act gives the registrar the authority to enter into written cooperation agreements, such as memoranda of understanding (MOU), with a host supervisor or a home supervisor and lists the various forms of cooperation that may exist. Section 89 (b) of the Bank’s Act allows the registrar, under certain conditions, to furnish information to an authority in another country for the purposes of bank supervision. The SARB has Memoranda of Understanding (MOU) with a number of authorities where South African banks have established significant operations They establish a formal basis for cooperation, including the exchange of information and cover many, but not all of the supervisory agencies with which the BSD has home/host relationships. Although the BSD does not exchange prudential risk assessments and reports on specific prudential meetings and visits, the level and detail of information exchanged with home and host supervisors appears to be adequate in view of the size and complexity of the cross border operations of the bank or banking group. The SREP Manual section on “Consolidated Supervision” Home/Host Policy and procedures requires that in case the BSD takes action on the basis of information received from another supervisor, it would consult with that other supervisor before taking action. However, this has not yet occurred in practice. Finally, the BSD has developed very close working relationships with the UK FSA and the Hong Kong Monetary Authority, which materialized in several joint on model validation visits during the Basel II implementation process. BSD as home supervisor Under Section 52 of the Bank’s Act, a bank needs prior approval of the registrar to establish a subsidiary or other operation abroad. For the establishment of a cross border banking operation, the BSD requires an MOU to be established. When reviewing the foreign operations of its banks on site, the BSD meets with the host supervisor to discuss the overall operations of the bank group. Should the operations of a particular bank group cause serious concern, it will promptly contact the host supervisors and inform them of the issues. The SREP manual explicitly addresses onsite examinations of foreign operations of South African banks. The BSD also receives regular prudential reporting as well as the external auditors credit risk report required under Regulation 46 (4) of the foreign operations of its domestic banks. The BSD hosted the first College of African bank supervisors in 2007 to discuss ways of managing Basel II implementation in relation to Standard Bank Group Ltd. Another college meeting is planned in 2010. BSD as host supervisor The BSD requires all foreign branches and subsidiaries of international banks to comply with the requirements (including capital adequacy requirements for branches) of the Bank’s Act and the Regulations. When the BSD acts as a host supervisor, it requires the establishment of an MOU and it ensures that the home supervisor has no objections in accordance with branch regulations (1)(6)(b)(i). Section 18A (3)b of the Bank’s Act also requires the foreign institution to lodge a written application which includes information with regard to the application of consolidated supervision in the home country. As part of the licensing process, the legal department of the BSD establishes contact with the home supervisor. Home supervisors are given on-site access to branches and subsidiaries of a cross border banking group in accordance with Section 4(3)c and several onsite inspections by foreign authorities have taken place. The BSD is a member of several supervisory colleges of international banks and regularly attends the meetings. It provides information to home supervisors during the college meetings or on an ad hoc basis, when required. The BSD does not permit the creation of shell banks and booking offices. |
| Assessment | Compliant. |
| Comments |
| Principle 1 | Objectives, autonomy, powers, and resources. An effective system of banking supervision will have clear responsibilities and objectives for each authority involved in the supervision of banks. Each such authority should possess operational independence, transparent processes, sound governance, and adequate resources and be accountable for the discharge of its duties. A suitable legal framework for banking supervision is also necessary, including provisions relating to authorization of banking establishments and their ongoing supervision; powers to address compliance with laws as well as safety and soundness concerns; and legal protection for supervisors. Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place. |
| Principle 1(1) | Responsibilities and objectives. An effective system of banking supervision will have clear responsibilities and objectives for each authority involved in the supervision of banks. |
| Description | The South African Reserve Bank Act of 1989 in Section 10(1)(v) assigns responsibility for performing the functions specified in the Banks Act of 1990 and the Mutual Banks Act of 1993 to the SARB. Section 3 of the Banks Act (BA) says that there shall be, as part of the SARB, an Office for Banks (usually referred to as the Bank Supervision Department, or BSD) headed by the registrar of Banks which shall be responsible for the registration of banks as well the other purposes of the Banks Act. The Mutual Banks Act specifies that the Office for Banks is also responsible for the registration and supervision of mutual banks. Together with the Regulations issued under the Banks Act, which have the same legal status as the Act itself (BA section 1), these Acts provide a comprehensive legislative framework for banking in South Africa. Besides the SARB, other authorities directly or indirectly involved in banking supervision include the Financial Services Board (FSB), the Financial Intelligence Centre (FIC) and the National Credit Regulator (NCR), which are each governed by a dedicated Act. The FSB is responsible for supervising non-bank financial institutions such as insurance companies, pension funds, money market funds and stockbrokers. The FIC’s principal tasks are to combat money laundering and financing of terrorism, and to assist in identifying the proceeds of unlawful activities. The NCR’s duties include the promotion of financial access, protecting consumers of credit (including residential mortgage loans), registration of credit providers and debt counselors, and consumer education in relation to credit matters. The relevant Acts provide for cooperation between the SARB and the other authorities. The Banks Act in Chapter VI sets out the minimum prudential requirements. Detailed requirements are contained in a comprehensive range of regulations covering capital, liquidity, large exposures, specific risk areas, bank ownership and control, various aspects of the corporate governance of banks, disclosure requirements, etc. The Banks Act and the Regulations are frequently reviewed by a Standing Committee for the Revision of the Banks Act in order to ensure that the legal framework is kept up to date if circumstances change or if the administration of the Act has shown changes to be advisable (BA section 92). This allows inter alia for the regulator to be able to comply with new developments in international standards, such as those issued by the Basel Committee on Banking Supervision. The mission of the BSD, as stated in its Annual Reports, is “to promote the soundness of the banking system through the effective and efficient application of international regulatory and supervisory standards”. The Standing Committee provides recommendations on amendments to the minister of finance, who is responsible for issuing Regulations (BA section 90; Parliamentary approval is required for changes to the Act, but not for changes to the Regulations). The Committee is chaired by a Deputy Governor of the SARB and it comprises representatives of the registrar, the bankers’ association, the auditors’ association, and others. The Committee usually acts upon proposals of the registrar. It may make changes to the registrar’s proposals, but it has never blocked any proposals. The process may occasionally be cumbersome and time-consuming, but it helps to create support and to satisfy the minister that proposed amendments have been carefully considered and widely consulted in a transparent manner. All changes to the Act and the Regulations follow a wide public consultation process prior to enactment, after which they are published in the Government Gazette and on the SARB’s website. If quick action is called for, the registrar may issue a Directive that is applicable to all banks, without going through the Standing Committee process and without requiring the prior approval of the minister. Such generally applicable Directives are normally later turned into Regulations. The registrar may also issue Circulars on specific interpretation issues and Guidance Notes for general information purposes. The BSD’s Annual Reports provide detailed information on developments in the banking industry as well as on supervisory and regulatory developments. In addition, the SARB publishes a monthly brochure (both in physical form and on its website) entitled “Selected South African banking sector trends”. All prudential returns are published on the SARB’s website on an aggregate basis, and the balance sheets are also published for each bank individually. Regulation 43 (on public disclosure) requires each bank to publish reliable, relevant and timely qualitative and quantitative information that enables an accurate assessment of the bank’s financial condition. Regulation 44 (on annual financial statements) requires all banks to publish annual financial statements in accordance with Financial Reporting Standards, with additional disclosure when called for. As part of its planning process, the BSD classifies all banks on a quarterly basis as a high risk, medium risk or low risk bank. The classification is two-dimensional in the sense that both the complexity and systemic importance of each bank as well as its risk profile are taken into account. A list of all banks and their risk classifications is discussed on a quarterly basis at the BSD’s management committee meeting. On the basis of the classification, the management committee determines for each bank the length of the supervisory cycle and the supervisory resources to be allocated. |
| Assessment | Compliant. |
| Comments | |
| Principle 1(2) | Independence, accountability, and transparency. Each such authority should possess operational independence, transparent processes, sound governance, and adequate resources and be accountable for the discharge of its duties. |
| Description | The BA provides that the SARB shall, subject to the approval of the minister of finance, designate one of its employees to be the registrar of Banks. The registrar shall perform the duties assigned to him by the BA, under the control of the SARB and in accordance with directions as may be issued to him by the SARB (BA section 4(1)). Being an employee of the SARB, the registrar is appointed for an indefinite period. The present registrar has held his office since 2003, when his predecessor reached the retirement age. The possible reasons for removal of the registrar from office, which could only be done by the senior management of the SARB, are not specified in the BA. Removal of the registrar would be subject to the general legal provisions governing employment relations, as well as SARB employment contracts and policies. The registrar submits an Annual Report to the minister of finance, who transmits it to the Parliament. The Annual Report is also made publicly available by the registrar. The objectives of the registrar are spelled out in the BA as well as in the BSD’s mission statement. Actions taken to achieve the objectives are elaborated in the Annual Reports as well as in other publications, presentations to banks and other parties, and press contacts. The BSD’s operations are financed from the budget of the SARB, which has operational independence. There is no evidence of government or industry interference with the BSD’s operations and budget. The registrar does not consider the BSD’s budget to pose a constraint on the effectiveness of its operations. The BSD is able to attract and retain staff with the required skills, and staff turnover is not out of line with market practice. The majority of BSD personnel employed in the analysis section, risk specialist areas and the legal section hold post graduate qualifications and there are some chartered accountants as well specialists in particular aspects of banking and risk areas (although, as discussed under the applicable CPs, their number may need to be increased). The BSD spends considerable sums on staff training, by way of its own training programs, by sending staff to outside courses (both domestically and overseas) and by inviting outside experts to provide training at the SARB. The BSD and its supervisory staff are well-regarded by the industry. The BSD occasionally hires outside experts to perform certain investigations (e.g., on illegal deposit taking). The BSD’s budget allows for obtaining equipment and for travelling as required for the fulfillment of its objectives. |
| Assessment | Compliant. |
| Comments | |
| Principle 1(3) | Legal framework. A suitable legal framework for banking supervision is also necessary, including provisions relating to authorization of banking establishments and their ongoing supervision. |
| Description | The Banks Act provides for the registrar to perform the functions assigned to him by or under the Act (BA section 3). These include the authorization and registration of banks (BA sections 11–25) and the ongoing supervision of their operations. Under BA section 23, the minister’s approval is needed for the cancellation or suspension of a bank’s registration. The registrar may obtain from banks, banks’ controlling companies and subsidiaries of banks and banks’ controlling companies such information as he may reasonably require for the performance of his duties under the Banks Act, including periodic returns as prescribed in the Act itself or in the Regulations (BA sections 7 and 75). |
| Assessment | Largely compliant. |
| Comments | It is not the registrar but the minister of finance who is responsible for setting prudential regulations. Prescribed prudential returns and instructions for their completion are included in the regulations issued by the minister. The registrar’s formal role in this respect is limited to issuing circulars with guidelines regarding the application and interpretation of the provisions of the Act (BA section 6(4)). In practice, however, it is the registrar who takes the initiative for changes to regulations and who prepares the drafts that are issued for consultation. |
| Principle 1(4) | Legal powers. A suitable legal framework for banking supervision is also necessary, including powers to address compliance with laws as well as safety and soundness concerns. |
| Description | The BA provides the registrar with an appropriate range of tools to address issues in banks. It is at his discretion to decide which tool to use in a particular case. Especially the registrar’s power to increase a bank’s individual capital requirement (Regulation 38(4)) or to derecognize the fitness and propriety of its executive officers (BA section 60(6)(a)), enable him to make banks take such action as he deems necessary. By virtue of BA section 6, the BSD has full access to all relevant information from banks, their parents and their subsidiaries, including internal management information. The BSD also has full access to banks’ boards, managers and staff and in fact meets with them frequently. Under the BA the minister’s approval is needed for the cancellation or suspension of a bank’s registration (BA section 23). Also, if in the opinion of the registrar a bank will be unable to meet its obligations, it is the minister who may appoint a curator to the bank if he deems this in the public interest (BA section 69); an additional condition in this case is that the written consent of the chief executive officer or the chairperson of the board of the bank concerned is required. |
| Assessment | Largely compliant. |
| Comments | In order to ensure that the registrar’s ability to act decisively when banks encounter serious difficulties will not be hampered, the minister’s role in supervisory remedial actions and the required consent of the bank’s CEO or chairperson for the appointment of a curator need to be reconsidered. |
| Principle 1(5) | Legal protection. A suitable legal framework for banking supervision is also necessary, including legal protection for supervisors. |
| Description | Section 88 of the Banks Act provides that no liability shall attach to the SARB or, either in his or her official or personal capacity, to any member of its board of directors, the registrar or any other employee, for any loss sustained by or damage caused to any person as a result of anything done or omitted in the bona fide performance of any function or duty under the Act. |
| Assessment | Compliant. |
| Comments | |
| Principle 1(6) | Cooperation. Arrangements for sharing information between supervisors and protecting the confidentiality of such information should be in place. |
| Description | Section 33 of the SARB Act indicates that BSD, as part of the SARB, is obliged to preserve the secrecy of any information acquired in the performance of its duties, except vis-à-vis the minister of finance or when under a court order. Notwithstanding this provision, BA section 89 allows the registrar to provide at his discretion information to domestic public officials if that information is essential to the proper performance of the latter’s functions, and to foreign supervisory authorities if the registrar is satisfied that the recipient is willing and able to keep the information confidential. The BA does not require the registrar to ensure that the recipient of such information maintains its confidentiality, but he does in practice do so. The Promotion of Access to Information Act of 2000 has cast some doubt on the registrar’s ability to maintain the confidentiality of information, but in practice it has not so far led to any problems. The Regulations under the BA indicate that the content of the prudential returns is confidential and not available for inspection by the public. MOUs are in place between the SARB’s BSD on the one hand and the FSB and thirteen foreign bank supervisory authorities on the other. MOUs between the SARB and a further twenty-one foreign supervisors, as well as with the FIC and the NCR, are in various stages of preparation. The BSD has organized supervisory colleges for host country supervisors of branches and subsidiaries of South African banks, and has attended foreign supervisors’ colleges in the role of a host supervisor. Regular meetings take place between the BSD and other relevant domestic authorities (e.g., consolidated banking group meetings with the FSB). |
| Assessment | Compliant. |
| Comments | |
| Principle 2 | Permissible activities. The permissible activities of institutions that are licensed and subject to supervision as banks must be clearly defined, and the use of the word “bank” in names should be controlled as far as possible. |
| Description | The terms “bank” and “business of a bank” are defined in section 1 of the BA. The “business of a bank” is defined principally as the taking of deposits and the use of the proceeds for lending and investment, as well as “any other activity which the registrar has ….. by notice in the Gazette declared to be the business of a bank”. It does not include banking-like business carried out by cooperatives (subject to such conditions as may be prescribed) and by institutions covered by other acts and designated by the minister of finance (e.g., mutual banks). However, such business is also subject to supervision by the registrar (in the case of mutual banks) or by the Treasury (in the case of cooperative banks; however, as of March 2010 no cooperative banks existed). BA section 22 limits the use of the word “bank” in names to institutions that are registered in South Africa and foreign institutions that have been registered either as a branch or a representative office. A current list of authorized banks and registered branches of foreign banks is published on the SARB’s website. |
| Assessment | Compliant. |
| Comments | |
| Principle 3 | Licensing criteria. The licensing authority must have the power to set criteria and reject applications for establishments that do not meet the standards set. The licensing process, at a minimum, should consist of an assessment of the ownership structure and governance of the bank and its wider group, including the fitness and propriety of board members and senior management, its strategic and operating plan, internal controls and risk management, and its projected financial condition, including its capital base. Where the proposed owner or parent organization is a foreign bank, the prior consent of its home-country supervisor should be obtained. |
| Description | The licensing of banks in South Africa is a two-step process. First, the applicant must receive an authorization to establish a bank, and second, the applicant must be registered as a bank (BA sections 12 and 16). It is the registrar who decides on the granting or refusal of both authorization and registration. The registrar will not grant an application for authorization unless he is satisfied that a range of conditions specified in the BA is fulfilled (BA section 13). Among these conditions are the availability of sufficient financial means to meet the requirements of the BA, the ability and willingness of the applicant to run a bank successfully and prudently, as well as others. An authorization lapses automatically after 12 months, and it may be withdrawn by the registrar before that if false or misleading information has been furnished by the applicant. An application for authorization must be nearly as complete as would be required for registration. The authorization would normally be granted under certain conditions (e.g., bring in the required capital, find a suitable chief executive officer, find premises). Once these conditions are met, the registrar may grant registration subject to such further conditions as he may determine (BA sections 17 and 18). One of the requirements for being granted registration is that the registrar is satisfied that the applicant will be able to continuously meet the requirements of the Banks Act (BA section 17(2)(b)). The licensing process is consistent with the BSD’s ongoing supervision process as described in its Supervisory Review and Evaluation Process (SREP) Manual. Before approval is granted, the registrar must be satisfied that the proposed bank will be able to submit the necessary returns on time in order for it to be properly supervised. Providing detailed information on all major shareholders is a requirement, and all shareholders, shareholding structures and sources of capital are evaluated and approved before registration. The evaluation includes an assessment of major shareholders’ ability to provide future financial support, and a letter of comfort is requested and received from all significant shareholders (i.e., shareholders holding more than 15 percent of the shares). Financial projections for the proposed bank are to be submitted with the application for authorization and registration. The BSD determines the viability of the projections. The minimum amount of initial capital is R 250,000,000 (BA section 70). As part of the registration process, directors and senior management are assessed for fitness and propriety, including an assessment of their knowledge of the proposed bank’s operations. The BSD has issued a Guidance Note recommending that new bank directors attend the directors training at the Gordon Institute of Business School (a well-regarded business school affiliated with the University of Pretoria). The BSD requires information on all business systems, business plans, management, auditors, etc. as part of the registration approval process. The process also includes the assessment of a bank’s policies and procedures regarding the detection and prevention of criminal activities and compliance with anti-money laundering requirements, although providing information on this is not yet required in the application form (Regulation 53, form BA 002). In case of a foreign bank wishing to set up a subsidiary or a branch in South Africa, the BSD seeks a written confirmation from the home supervisor that there is no objection to the proposed establishment, even though this is not required by the Banks Act (somewhat oddly, in the case of foreign banks wishing to set up a representative office in South Africa, there is such a requirement (BA section 34(2B)(b)(i))). The BSD will also seek to verify that the home supervisor practices consolidated supervision and meets international supervisory standards to a reasonable extent (BA section 18A(3)(b)). |
| Assessment | Compliant. |
| Comments | The BSD is in the process of including “…the detection and prevention of criminal activities …” in form BA 002 (Application for Authorisation/Registration) as well as Regulation 39 section (5) (minimum requirements for risk management processes, policies and procedures). |
| Principle 4 | Transfer of significant ownership. The supervisor has the power to review and reject any proposals to transfer significant ownership or controlling interests held directly or indirectly in existing banks to other parties. |
| Description | Section 37 of the Banks Act provides that no person shall acquire more than 15 percent of the nominal value or the voting rights of all the issued shares of a bank or a controlling company without the written approval of the registrar. For acquisitions in excess of 49 percent, the written permission of the minister of finance is required. Permission will not be granted if this would, in the view of the registrar or the minister, be contrary to the interests of the bank concerned or its depositors, or to the public interest. Section 38 provides that bank shares must actually be held by the beneficial shareholder, i.e., transfer to nominees is not allowed. Section 42 defines a “controlling interest” as an interest of more than 50 percent of the nominal value of all the issued shares of a bank. Banks have to provide the BSD with an annual return concerning their shareholders (form BA 125). Dividends shall not be paid, and voting rights cannot be exercised, on shares that have been obtained in contravention of the provisions of the Banks Act (BA section 41). There is no specific requirement for banks to notify the BSD of any material information that may negatively affect the suitability of a major shareholder, but the BSD is of the view that such a requirement follows from the general obligation of a bank’s directors to act in good faith. |
| Assessment | Compliant. |
| Comments | Consider introducing a specific legal requirement for banks to notify the BSD of material information that negatively affects the suitability of its shareholders. The threshold of 15 percent beyond which supervisory approval is needed for acquiring shares in a bank appears to be rather high by international comparison – many countries have set the threshold at either 5 or 10 percent of a bank’s capital – but in the BSD’s experience this has not caused any problems. |
| Principle 5 | Major acquisitions. The supervisor has the power to review major acquisitions or investments by a bank, against prescribed criteria, including the establishment of cross-border operations and confirmation that corporate affiliations or structures do not expose the bank to undue risks or hinder effective supervision. |
| Description | Section 52 of the Banks Act stipulates inter alia that a bank shall not—without the prior written approval of the registrar and subject to such conditions as the registrar may set—establish or acquire a subsidiary, or invest more than 5 percent of its capital and reserves in a joint venture. Regulation 56 sets out the information that needs to be submitted to the registrar with an application for permission for investing in subsidiaries or joint ventures. The criteria by which the registrar assesses applications for such investment are not spelled out in laws or regulations. The BSD’s SREP Manual (under “Consolidated Supervision” → “Section 52 Policy”) describes the process followed by the BSD to assess applications for investments by banks or controlling companies. The process includes analysis of the bank’s shareholders, financial strength, legal and operational structure, risk profile and quality of management, as well as—in the case of foreign acquisitions or investments—secrecy laws and other regulations that might hinder information flows. Section 50 of the Banks Act provides that a company controlling a bank shall manage its investments in non-banking activities in such a manner that these investments do not exceed a certain threshold. This threshold has been set by the registrar at 40 percent of share capital and reserves (the so-called 60/40-rule). In other words, a bank controlling company is required to focus predominantly on banking activities. A bank’s non-banking activities are further restricted by BA section 76, which sets a limit to the sum of a bank’s investments in real estate and shares, and loans to subsidiaries. |
| Assessment | Largely compliant. |
| Comments | The Banks Act and the Regulations do not define the amounts (absolute or in relation to a bank’s capital) of investments by a bank in a subsidiary that need prior supervisory approval. Neither are the criteria specified that the registrar uses for approving or disapproving proposed investments in subsidiaries and joint ventures, although to some extent these are implicit in the information that has to submitted with an application for permission for acquisitions or investments (Regulation 56). Neither does the Banks Act nor any Regulation or BSD circular clearly indicate for which cases notification after the investment or acquisition is sufficient. Apparently all acquisitions and investments, no matter how small, require the registrar’s prior approval. The efficiency of the BSD’s use of resources might be increased, and the burden that supervision puts on the banks might be reduced, by exempting investments and acquisitions under a certain threshold from prior approval. |
| Principle 6 | Capital adequacy. Supervisors must set prudent and appropriate minimum capital adequacy requirements for banks that reflect the risks that the bank undertakes and must define the components of capital, bearing in mind its ability to absorb losses. At least for internationally active banks, these requirements must not be less than those established in the applicable Basel requirement. |
| Description | The capital adequacy rules apply to all banks in South Africa, including foreign branches, on a consolidated and solo basis. Section 70 of the Banks Act sets an absolute and a risk based minimum capital requirement for banks on a solo basis. Similarly, Section 70A of the Act sets a risk based minimum amount of capital for the controlling company on a consolidated basis. Section 4 of the Act allows the registrar to publish the factors relating to the setting of the capital adequacy ratios that are in excess of the prescribed minimum capital adequacy ratio. The capital of a bank is the sum of primary (Tier 1) and secondary (Tier 2) and tertiary (Tier 3) capital. Tier 1 capital must constitute at least 50 percent of the bank’s capital. The definitions of the capital components and the deductions applied to Tier 1 and total capital are specified in Regulation 38 (9–16) and Regulation 234 respectively and are in line with, and in many instances stricter than, the Basel requirements. The SARB implemented Basel II on 1 January 2008 for all banks5, except the mutual banks which remain on Basel I. Paragraph 4 of Regulation 38 gives the BSD the authority to set each bank’s capital ratio at any time and sets the minimum Tier 1 ratio at 7 percent, the minimum core Tier 1 ratio at 5.25 percent and the minimum total capital ratio at 9.5 percent. The 1.5 percent additional systemic requirement (Pillar 2a charge defined in reporting form BA700) across the board on top of the internationally agreed minimum capital ratio of 8 percent was imposed to align the Basel II underlying assumptions (for example, the calibration based on a diversified internationally active bank) to an emerging market environment. Although it is subject to continuous assessment, this systemic add-on was last determined at the time of the Basel II implementation 2008 on a capital planning cycle basis (3 to 5 years). Additionally, banks are required to keep an idiosyncratic capital buffer (Pillar 2b charge), as determined by the registrar reflecting the individual risk profile. The sum of both is regarded as the hard floor, based on which banks are required to set their target ratios. To ensure consistency, this idiosyncratic add-on is periodically set by the BSD review panel on a regular basis in function of the risk profile of the bank. The frequency of review varies with the BSD risk assessment of the bank. The BSD closely monitors compliance with the minimum capital ratio reported by the banks. In case of non-compliance, Section 74 of the Banks Act allows the registrar to impose fines. In practice however, the registrar will engage with the bank well before the ratio falls below the minimum. During that time, he also has the ability to use a variety of other enforcement powers under the Banks Act and the Regulations, for example the suspension of dividends or the issuance of a directive. The registrar also has the authority to require banks to adopt more forward looking approaches to capital management. In January 2009, the BSD used moral suasion to encourage the banks to increase their Tier 1 ratio due to the expected changes in market conditions. There have been no instances of a bank refusing to comply with capital adequacy requirements. By assessing the ICAAP and strategy of a bank, the BSD can also determine the overall capital adequacy in relation to a bank’s risk profile. The ICAAP assessment is performed at least biannually for low risk banks and annually for higher risk banks. Bank’s ICAAPs are discussed during prudential meetings with the relevant banks. The registrar allows the banks to use the Basel II advanced approaches for credit and operational risk as well as the internal models method for market risk. The accreditation for the use of internal risk estimates as regulatory inputs by particular banks is subject to rigorous qualifying standards and to the approval of the registrar (Regulation 23(10) a for the IRB approaches, Regulation 33(3)(b-c) for the advanced approaches for operational risk and Regulation 28(4)b for market risk). The registrar has the explicit power to revoke accreditation for the operational risk advanced approaches (Regulation 33(6)), but no explicit powers to revoke the advanced approach are included in the regulation for credit and market risk. However, the registrar has included the revocation power in the conditions for approval for the use of advanced approaches for credit and market risk. |
| Assessment | Largely compliant. |
| Comments | The BSD is to be commended for its early adoption and full implementation of the Basel II framework in an emerging market environment on 1 January 2008, and its continuous efforts to remain in line with subsequent international developments. There is no explicit power for the registrar to revoke the use of the advanced approaches for credit or market risk. Although the accreditation conditions point out that banks need the registrar’s prior written approval and banks are continuously required to meet the advanced model user conditions, an explicit revocation power should be added to the regulation, similar to Regulation 33(6) on operational risk. |
| Principle 7 | Risk management process. Supervisors must be satisfied that banks and banking groups have in place a comprehensive risk management process (including board and senior management oversight) to identify, evaluate, monitor, and control or mitigate all material risks and to assess their overall capital adequacy in relation to their risk profile. These processes should be commensurate with the size and complexity of the institution. |
| Description | Section 60B (1) of the Banks Act requires that the board of directors of any bank establish and maintain an adequate and effective process of corporate governance. The objectives of the corporate governance process are detailed in Section 60 B (2). Section 64A of the Banks Act requires, unless the registrar grants an exemption, the Risk and Capital Committee of the board to establish an independent risk management function and a group risk management function, where applicable. These legal provisions further cascade into Regulation 39 (4) which requires banks to have in place comprehensive risk management processes and board approved policies and procedures to identify, measure, monitor, control and report risk. Regulation 36 (17) ensures these requirements also apply to controlling companies. Regulation 39 (5) specifies the minimum requirements for the risk management processes and procedures. Furthermore, regulation 39 (15-17) specifically outlines the minimum requirements for board and senior management oversight, sound capital assessment, monitoring and reporting and internal control reviews. The requirement for the risk management processes, strategies and procedures to be duly documented is stated in Regulation 39 (5)f. Supervisory verification is guided by the SREP Manual “Analytical Framework – Corporate Governance and Risk Management”. The BSD obtains the bank’s policies and assesses their continuous adequacy and compliance with all aspects of the legislation and Regulation 39 during prudential meetings with the risk managers and heads of business units of the relevant banks. The frequency of the meetings depends on the risk based risk rating (set by the BSD) of the bank. It also verifies whether the bank’s policies are approved by the board and effectively implemented, appropriate limits are established and senior management monitors and controls all material risks. During its prudential meetings, the BSD makes an assessment of the timely reporting of risk information to the board and senior management. Various risk areas are discussed and an assessment of whether the policies and processes are appropriate in light of the bank’s risk profile and business plan is made. With regard to the new products, the bank’s policies and processes and in particular the role of the board are also verified. Should concerns arise, the BSD will perform a focused onsite visit or require internal or external auditors to review specific areas for compliance with banks policies, including limits. The board is also required to at least once a year assess and document whether the processes relating to corporate governance, internal controls, risk management, capital management and capital adequacy implemented by the bank achieve the objectives specified by the board (Regulation 39 (18)). This assessment is subject to review by external auditors. Through the assessment of a bank’s ICAAP, the BSD also determines whether senior management and the board understand the risks being taken and how that impacts on capital adequacy. In this respect, discussions between the registrar and the board, held at least biannually and annually for higher risk banks, also allow the registrar to gauge the board’s understanding. The board members involvement in the implementation of the ICAAP process was tabled as a “flavor of the year” topic6 in 2008. The ICAAP covers all material risks that a bank faces including the risks not directly addressed by the Core Principles like strategic and reputational risks. In case the registrar determines that the risk bank’s policies, processes and procedures relating to its risk assessment are inadequate, he has the power, in accordance with Regulation 38 (4), to require the bank to maintain additional capital and/or to strengthen its risk management policies or internal control systems. The Regulations require banks and controlling companies to perform a variety of Pillar 1 and Pillar 2 stress tests. Guidance note 9/2008 was issued by the BSD in 2008 to clarify supervisory expectations when performing the stress tests. For the banks that use internal models to measure components of risk, the BSD has a robust approval process in place and ensures that banks perform periodic and independent validation and testing of models and systems. The registrar has issued regulations related to, in particular, credit risk (Regulation 23 and 24), market risk (Regulation 28), liquidity risk (Regulation 26), interest rate risk in the banking book (Regulation 30) and operational risk (Regulation 33 and 34) |
| Assessment | Compliant. |
| Comments | |
| Principle 8 | Credit risk. Supervisors must be satisfied that banks have a credit risk management process that takes into account the risk profile of the institution, with prudent policies and processes to identify, measure, monitor, and control credit risk (including counterparty risk). This would include the granting of loans and making of investments, the evaluation of the quality of such loans and investments, and the ongoing management of the loan and investment portfolios. |
| Description | As described under Principle 7, Regulation 39 lays out the responsibility of the board of directors and senior management to ensure that effective credit risk management is in place and is adequate for the needs of the bank. In this respect, sub-regulations (7) to (12) of Regulation 39 specify strict governance requirements for IRB banks, like the requirement for the board of directors and senior management to approve all material aspects of the bank’s rating and risk estimation processes. Section 6 and 7 of the Banks Act provide the registrar with full access to information in the credit and investment portfolios. Section 60 of the Banks Act requires each director, chief executive officer or executive officer of a bank to avoid any conflict between the bank’s interest and his interest. As noted under Principle 7, the board also performs a yearly self assessment of the appropriateness of the governance processes. Regulations 23 and 24 drill further down into the more specific qualitative and quantitative requirements for credit risk for the IRB and standardized approaches. As part of the planning process, the BSD requires IRB banks to complete a questionnaire in the form of a self-assessment template provided by the BSD, which forms an important part of the supervisory process. The bank’s answers will be the basis for analysis and discussion of credit risk management strategies and significant policies and processes during prudential meetings focused on credit risk. The BSD also performs in-depth quantitative analysis, consisting of peer group comparisons and trend analysis, of the monthly returns. These findings allow the supervision team to challenge the bank’s senior management periodically on credit risk issues. Moreover, for IRB banks the BSD’s credit risk specialists perform specific onsite visits focusing on the wholesale and the retail portfolio as well as the review of new model developments. The assessment team reviewed the 2009 onsite IRB visits schedule and obtained confirmation from the relevant banks on the frequency and rigor of these reviews and the IRB accreditation process in general. For an additional verification of the adequacy and effectiveness of a bank’s policies and procedures, the BSD significantly relies on the work of internal and external auditors. For all banks, in accordance with Regulation 46 (4), the external auditor reports to the registrar on any significant weaknesses in the system of internal controls relating to the granting of loans, the making of investments, the ongoing management of the loan and investment portfolios and the relevant credit impairments or loan loss provisions and reserves. In respect of the work performed by external auditors, the BSD held extensive discussions with the South African Institute of Chartered Accountants to ensure the appropriateness of the regulation 46-reports in view of the applicable standards on auditing, review engagements and assurance engagements as well as the BSDrequirements. The content of the reports was signed off by both parties after mutual agreement. Regulation 46-reports are therefore based on detailed criteria developed jointly by the BSD and the external auditors. It is important to note that some of the audit opinions reviewed by the assessment team were “limited assurance” opinions, meaning that the auditor will only report significant weaknesses noted while performing his duties. In such cases, he will not perform any additional procedures to identify significant weaknesses in internal control unless specifically asked by the BSD. During bilateral meetings with the auditors the BSD may request additional work to be done on specific credit risk issues identified through monthly analysis and queries, graph discussions and prudential meetings, which include matters related to internal controls. These requests, when made, are stipulated in a formal letter to the external auditors. For IRB banks only, external auditors also perform an additional annual review (long form report) of the bank’s estimates and models used for the IRB approaches. These auditors reports are reviewed, assessed and discussed by the BSD with the auditors (bilateral meeting) as well as with the bank’s audit committee and external auditors as part of the trilateral meeting. Sample reports of both categories that is a Regulation 46(4) and a long form report, were reviewed by the assessment team and were considered thorough and professional. Regular monitoring and peer group benchmarking of the quantitative estimates by credit risk specialists are in place. The outcomes of these reviews are shared and debated with the banks. The assessment team examined a sample monitoring report and considered the scope and level of detail adequate for its purpose. Annual reviews of compliance with the IRB requirements are carried out by the BSD or by the external auditors. For the standardized banks, an onsite review team of the BSD has over the past year mainly focused on the correct implementation of the standardized approach. Areas covered during on-sites include the correct assignment of risk weightings to exposures, the use of eligible credit assessment institutions, the compliance with specific collateral requirements, the assignment of exposures to past due buckets etc. The reviews are performed on a portfolio basis as well as on a sample transaction basis, with specific exposures being selected and compliance with documentation requirements verified. The assessment team reviewed the visit schedule and work plan of the review team. Section 73 of the Banks Act requires that credit decisions in excess 10 percent of qualifying capital are taken by a board appointed committee and exposures exceeding 25 percent of qualifying capital require additional approval by the registrar. All banks submit an ICAAP which includes credit concentration risk. For its own analytical purposes, the BSD keeps a record of large outstanding credit exposures by individual banks. The BSD does not have a specific stipulation in its regulations or the law that requires banks to monitor the total indebtedness of entities to which they extend credit. Nevertheless, during its onsite visits of standardized banks, the review team focused on the limit for individual exposures to be classified as retail exposures under Basel II. Hence, it analyzed and assessed current practices of banks in terms of aggregation of exposures to a particular counterpart. |
| Assessment | Compliant. |
| Comments | |
| Principle 9 | Problem assets, provisions, and reserves. Supervisors must be satisfied that banks establish and adhere to adequate policies and processes for managing problem assets and evaluating the adequacy of provisions and reserves. |
| Description | Regulation 23 (22) requires banks to have a “sufficiently robust system for the calculation of credit impairment” in accordance with Financial Reporting Standards. The definition of impaired assets in this regulation explicitly includes off-balance sheet exposures, with reporting requirements encompassing both on and off balance sheet items. Regulation 24 (5)(c) specifies criteria for assets of standardized banks to be classified into specific loss categories (special mention, substandard, doubtful and loss) but does not specify prescribed provisioning percentages for the categories. Regulation 23 (22)b gives the power to the registrar to require the relevant bank to raise provisions if he believes they are inadequate. For the supervisory verification of the adequacy of banks’ treatment of problem assets the BSD relies partly on work done by external auditors. External auditors review the adequacy of bank’s policies and provisioning as part of the annual audit with the application of Financial Reporting Standards. They also report, in a limited assurance opinion, as part of the Regulation 46(4) report on significant weaknesses in the system of internal control as regards policies, practices and procedures of the bank relating to credit impairments or loan loss provisions and reserves. That said, some of the requirements of the essential criteria of this core principle like the periodical assessment of the value of risk mitigants, the periodic review of problem assets, the adequacy of organizational resources for identification, the oversight and collection of problem assets, the timely and appropriate information to the board of the condition of the asset portfolio are not explicitly captured by the external auditors brief in Regulation 46 (4) or the regulation. They form part of a “sufficiently robust system for calculation of credit impairment”. It is recommended the BSD clarify its principles-based expectations of a “robust system for the calculation of credit impairment” in more detail in a regulation or a guidance note. The review team has focused on onsite reviews for standardized banks relating to the adequate implementation of the standardized approaches (refer Core Principle 8) including the correct classification of the overdue bucketing categories. The bank-specific supervisory team also performs quantitative analysis of the problem assets, including peer group comparisons and trend analysis, as reported in the monthly returns. These findings allow the supervision team to challenge the bank’s senior management periodically during prudential meetings and the board of directors, if required, on problem assets, provisioning and reserving issues. The assessment team reviewed a graph analysis presentation and concluded that this was comprehensive for its purposes. The BSD conducts regular prudential meetings with the banks’ management responsible for credit risk and, in addition, monitors issues identified by the internal audit function of a bank. On a monthly basis, the credit risk specialist function compares and monitors individual banks’ levels of impaired advances and levels of specific impairments against such advances with those of its peers (so-called credit risk Dashboard-report). Large or unexpected movements, as well as trends that appear to be out of line with the peer group for individual banks are followed up rigorously through discussions, working sessions or focused prudential meetings, depending on the gravity of the situation. In the course of 2009, the BSD performed a survey on credit risk across all banks, asking specific questions on collateral valuation, impairment and best estimates in 6 to 12 months time. The outcomes of the survey are likely to be used in the policy process with the objective to further refine the current standardized approach risk weights. |
| Assessment | Largely compliant. |
| Comments | BSD relies, as part of its supervisory approach, on the FRS provisions as audited by the external auditor and the outcomes of the external auditors report under Regulation 46 (4). It is recommended that more specific qualitative guidance on the BSD’s requirements be provided to the external auditors and/or the banks to ensure that all the essential criteria of this core principle are addressed. This applies in particular to areas such as the periodical assessment of the value of risk mitigants, the periodic review of problem assets, the adequacy of organizational resources for identification, the oversight and collection of problem assets, and the timely and appropriate information to the board of the condition of the asset portfolio. The BSD should also clarify its expectations with regard to forward looking provisioning for prudential purposes with banks and/or external auditors. More explicitly, a general allowance for credit impairment is not a clearly defined concept under IFRS and part of it may be included in Tier 2 capital. |
| Principle 10 | Large exposure limits. Supervisors must be satisfied that banks have policies and processes that enable management to identify and manage concentrations within the portfolio, and supervisors must set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties. |
| Description | Regulation 39 (3) and (4) requires banks to ensure adequate policies and procedures to identify and manage concentration risk are in place. The criteria for determining “connected persons” are set out in Section 73(3)a as well as in Regulation 65, which defines the notions of person and connected person. Section 73(4) allows the registrar to exercise discretion on a case by case basis. The prudential concentration limits are set in Section 73 (1)a of the Banks Act, which requires banks to obtain board or board Committee approval for exposures greater than 10 percent of qualifying capital. Directive 5/2008 requires that in addition to executive representatives, at least three non executive directors are included in such board Committee. Furthermore, Section 73(1)b requires that the aggregate amount of all exposures exceeding 10 percent of qualifying capital be less than 800 percent of qualifying capital. Finally, Section 73 (2)a requires written approval of the registrar for exposures exceeding 25 percent of qualifying capital. Both Regulation 24(6) and (7) provide more detailed guidance of the concentration limits in place and explicitly require off balance sheet items to be included in the exposure calculation. Section 73(2) c, d and e of the Banks Act allows the registrar to require banks to hold additional capital or comply with prescribed conditions or requirements in case concentration risk is considered excessive. Banks are required to report concentration risk on a solo (reporting form BA 210) and consolidated basis (reporting form BA 600) including sectoral, currency and geographical concentration to the BSD on a quarterly basis. The BSD analyses concentration risk in the prudential returns. This analysis is the basis for discussion of concentration risk management strategies, policies and processes as well as timely and comprehensive reporting processes during prudential meetings with senior management focused on credit concentration risk. Based on these meetings, the BSD assesses if the banks risk management policies and procedures are adequate or if additional onsite work is required. Supplementary supervisory verification for standardized banks is also performed by the review team when performing on site exams of credit risk compliance. The credit risk specialist team also performs on site reviews for IRB bank during which they assess credit concentrations. The ICAAP periodically submitted by banks also includes concentration risk. A review of the ICAAP will also allow the supervision team to challenge the bank’s senior management periodically and the board of directors at least annually on concentration risk. The assessment team reviewed the supervisory files relating to the ICAAP of one of the larger banks and concluded that the review was comprehensive. |
| Assessment | Compliant. |
| Comments | |
| Principle 11 | Exposures to related parties. In order to prevent abuses arising from exposures (both on balance sheet and off balance sheet) to related parties and to address conflicts of interest, supervisors must have in place requirements that banks extend exposures to related companies and individuals on an arm’s length basis; these exposures are effectively monitored; appropriate steps are taken to control or mitigate the risks; and write-offs of such exposures are made according to standard policies and processes. |
| Description | A comprehensive definition of a “related person” (including both natural and legal persons) is provided in Regulation 36(6)(c). The definition includes “any other person or entity specified in writing by the registrar”. Regulation 36(15) requires inter alia that a bank shall have board approved policies in place to control the risks of related party exposures, that no exposure to a related person shall be extended on more favorable terms than a similar exposure to a non-related person, that persons benefiting from the exposure shall not be responsible for the loan assessment or the credit decision, and that any extension of credit to a related person is duly documented and monitored. The Regulation allows the registrar to require from a bank that specific related party exposures are deducted from its capital, or that adequate collateral is obtained, if in his opinion the bank’s policies and processes for related party lending are inadequate. Aggregate limits for related party exposures are the same as those for large exposures. For the verification of compliance with the requirements with respect to related party exposures, the SREP Manual foresees that BSD staff meet with a bank’s credit risk managers to obtain information on individual and aggregate related party exposures and to discuss whether the requirements of Regulation 36(15) are adhered to. During such meetings, confirmation will also be sought that banks’ senior management monitors related party transactions on an on-going basis. In addition, external auditors verify related party exposures as part of their audit of the annual financial statements. Related party exposures (with the exception of intragroup exposures exceeding 1 percent of group qualifying capital and reserve funds) are not regularly reported to the BSD either on an individual or on an aggregate basis (unless they fall in the large exposures category). |
| Assessment | Materially non-compliant. |
| Comments | The BSD does not obtain on a regular basis comprehensive information on banks’ aggregate exposures to related parties. It is currently considering the inclusion of related party exposures as a separate reportable item on form BA 600 (Consolidated return which already includes reporting of group large exposures). Neither does the BSD obtain regular information on individual related party exposures, which makes it doubtful whether it would be able to use its authority to instruct a bank to deduct such exposures from its capital effectively. The BSD does not yet require that transactions with related parties and the write-off of related party exposures exceeding specified amounts or otherwise posing special risk are subject to prior approval by the bank’s board. However, it is currently in the process of proposing amendments to Regulation 36(15) to include these requirements, as well as a requirement that persons benefiting from a particular exposure shall not be responsible for managing that exposure. In addition, there is no specific requirement for banks to have policies and processes to identify individual exposures to related parties. Prior board approval is not yet required for a bank’s transactions with related parties in excess of specified amounts. An amendment to Regulation 36 incorporating such a requirement is currently under preparation. |
| Principle 12 | Country and transfer risks. Supervisors must be satisfied that banks have adequate policies and processes for identifying, measuring, monitoring, and controlling country risk and transfer risk in their international lending and investment activities and for maintaining adequate provisions and reserves against such risks. |
| Description | There are no specific regulations or prudential limits in place for country risk or transfer risk as these risks are expected to be captured in the overall credit risk management framework of banks. The scope of Regulation 39 includes translation risk and concentration risk (paragraph 2). Also, regulation 39 (5)(f) requires banks to establish risk management processes that are significantly robust to promptly identify material concentrations in respect of counterparties in the same geographic region. Regulation 56(2)(b)(xii)(D) requires a bank to provide the BSD with an evaluation of country and transfer risk of the host country when a bank plans to acquire or establish an off-shore subsidiary, off-shore branches, joint ventures or other interest. There is, however, no explicit requirement in the legislation or regulation that banks must continuously monitor and evaluate developments in country risk and in transfer risk and apply appropriate countermeasures. Every quarter, banks are required to report form BA210 which breaks down exposures by 6 geographic regions (Africa (other than South Africa), Europe, Asia, North America, South America and Other) and by external credit ratings. Additionally, the BSD receives reporting from the foreign subsidiaries or operations of domestic banks which allows it to monitor country and transfer risk to some extent but no consolidated view of individual country risk is reported. In practice, high level discussions with a selected number of individual banks with cross border exposures confirm that policies and procedures are generally established. Their adequacy and implementation is captured through discussions at prudential meetings. In addition, banks that have significant country and/or transfer risk exposures are expected by the BSD to take these into account in their ICAAP (the assessors were shown evidence that some banks actually do so). Although external auditors are required to review compliance with reporting of large exposures, credit concentration risk as well as provisioning, there is no reference to country risk in particular. |
| Assessment | Materially non-compliant. |
| Comments | A regulation specifically dealing with country and transfer risk should be promulgated since these are material risks to some of the banks. The granularity of regional exposures on form BA210 should be increased so that the BSD is in a position to monitor country and transfer risk on an ongoing basis. |
| Principle 13 | Market risk. Supervisors must be satisfied that banks have in place policies and processes that accurately identify, measure, monitor, and control market risks; supervisors should have powers to impose specific limits and/or a specific capital charge on market risk exposures, if warranted. |
| Description | Regulation 39 clearly establishes the responsibility of the board of directors of a bank in engaged in activities that give rise to market risk. Regulation 28 (6) requires every bank to have in place, inter alia, written board approved policies and procedures clearly establishing criteria for allocation to the trading or banking book, a risk appetite statement including the nature and extent of trading activities and an annual review of said policies and procedures. Regulation 28(4) prescribes the methodology for capital requirements and establishes prudential limits for specific market risks, including interest rate risk, foreign exchange risk, equity position risk and commodity risk. Banks are required to hold capital against market risk using either the Standardized or the Internal model method or a combination of the two approaches. Regulation 28 (8) d-g sets out requirements with regard to stress testing and scenario analysis. The banks wishing to apply the internal models approach (currently 4 internal model approvals have been granted and one bank has applied) are subjected to an accreditation process as well as an annual onsite renewal review. They are required to provide signed market risk policies and limit mandates to the BSD. During these reviews (accreditation as well as annual reviews), policies, processes and controls are assessed and banks’ internal reports relating to model validation, monitoring, measuring and controlling market risk are reviewed. Furthermore, mark to market revaluations, valuation adjustments and reserving, back-testing exceptions, limit breaches and other control failures are analyzed. The scope of the onsite prudential meetings also includes a review of policies and systems for deal capture and deal input, as well as scenario analysis, stress testing and contingency planning requirements. Large banks are also required to account for reconciliation failures to the BSD on a quarterly basis. For some higher risk standardized banks, onsite prudential meetings on market risk covering some of the issues identified above are also scheduled. For the remaining banks, the BSD ensures that policies and processes are adhered to in practice and are subject to appropriate board and management oversight by a combination of reliance on internal audit, prudential meetings with senior management and desk reviews. Market Risk Specialist teams support the supervisors responsible for individual banks. Onsite prudential visits are undertaken by teams involving both the frontline supervisors and the market risk specialists, combining institutional knowledge with technical market risk expertise. Regulation 39 (13-14) requires that market data used to value trading book positions be verified by an independent price verification process at least once a month. Actual revaluation practices are tested during the Internal Models renewal review process and cross industry thematic reviews of market risk. Reporting forms BA 320 (monthly form that covers the standardized approach and the Internal Models Approach) and BA 325 (daily return that covers selected risk information, including the standardised approach and the Internal Models Approach) are periodically analyzed and compared with bank’s trading balance sheets, limit structures and financial performance. For internal model users, backtesting results are regularly provided to the BSD and in case these results indicate poor model specification, the models capital requirement multiplier will be adjusted. |
| Assessment | Compliant. |
| Comments | |
| Principle 14 | Liquidity risk. Supervisors must be satisfied that banks have a liquidity management strategy that takes into account the risk profile of the institution, with prudent policies and processes to identify, measure, monitor, and control liquidity risk and to manage liquidity on a day-to-day basis. Supervisors require banks to have contingency plans for handling liquidity problems. |
| Description | BA section 64A requires a bank’s board of directors to appoint at least three of its members to a risk and capital management committee. Its tasks include assisting the board in the establishment and implementation of policies and procedures designed to ensure that the bank identifies and measures all material risks and in developing a risk mitigation strategy. Regulation 39 on corporate governance lists the risks to be managed and includes liquidity risk. BA section 72 and Regulation 26 set minimum liquidity requirements for banks. The monthly reporting form BA 300 includes both on and off balance sheet liabilities such as undrawn lending commitments, guarantees and liquidity facilities provided to off balance sheet vehicles. The form also includes reports on the degree of concentration of deposits, balance sheet mismatches under business-as-usual as well as bank-specific stress assumptions, liquidity stress testing, available sources of stress funding, and maturity ladders for foreign currency positions. Banks foreign currency positions (gross assets and liabilities per currency) are reported on a daily basis in form BA 325 and are generally quite small. BA 325 also contains daily information on a bank’s participation in repo transactions with the SARB and interbank funding. Regulation 26 requires that a bank obtains the prior written approval of its board of directors or board approved committee for the assumptions applied in its asset and liability management process and in its liquidity stress testing. Compliance with this requirement, as well as with the requirements of BA section 64A and Regulation 39, is verified by the BSD by means of off-site and on-site reviews of relevant documentation and meetings with bank management. Because of the special significance of liquidity risk in the South African context, and to raise banks’ awareness of this fact, in 2009 the BSD conducted a thematic review of banks’ asset and liability management (ALM), including the management of liquidity risk and interest rate risk in the banking book. A detailed questionnaire was sent to the banks, including such items as the organizational structure and allocation of responsibilities for ALM, systems used, data sources, stress testing and contingency planning. On the basis of the answers received, as well as a prior review of relevant documentation (including internal audit reports on ALM), discussions were held with board members, senior managers and internal auditors. Also in 2009, the BSD has asked all bank boards to give a presentation on their degree of compliance with the “Principles for Sound Liquidity Risk Management and Supervision”, issued by the Basel Committee on Banking Supervision in October 2008. The two exercises have resulted in banks taking action—monitored by the BSD—to strengthen their liquidity risk management in those cases where shortcomings were found. This was particularly the case with respect to contingency planning for funding at some of the banks. |
| Assessment | Compliant. |
| Comments | In view of banks’ reliance on wholesale funding, and the resulting high degree of concentration of liabilities, the BSD should continue to closely monitor banks’ liquidity management, including periodic review of liquidity stress testing and contingency planning. Where material exposures to foreign currencies exist, the BSD should ensure that its ALM reviews include a more in-depth analysis of banks’ stress testing of foreign currency liquidity strategies, and that the results of such stress testing are a factor in determining the appropriateness of mismatches. |
| Principle 15 | Operational risk. Supervisors must be satisfied that banks have in place risk management policies and processes to identify, assess, monitor, and control/mitigate operational risk. These policies and processes should be commensurate with the size and complexity of the bank. |
| Description | The definition of operational risk is included in Regulation 65 and includes legal risk. As described under Core Principle 7, Regulation 39 lays out the responsibility of the board of directors and senior management to ensure that effective operational risk management is in place and is adequate for the needs of the bank. As noted under core principle 7, the board also performs a yearly self assessment of the appropriateness of the governance processes. Regulation 40 (4v) requires the board of directors to annually report to the registrar whether anything came to their attention that could indicate a material malfunction in functioning of internal controls, procedures and systems. Moreover, Regulation 47 calls for banks to report within 30 days any offences7 listed in paragraph 3 (a-f). Regulation 33 and 34 specifies the qualitative and quantitative criteria for the management of operational risk for banks on the standardized and the advanced measurement approaches respectively. Supervisory verification is guided by the SREP Manual “Analytical Framework – Operational Risk”. The BSD obtains the bank’s policies and assesses their continuous adequacy and compliance during prudential meetings. The Operational Risk specialist team also performs onsite visits. These reviews include focused operational risk reviews as well as advanced risk measurement accreditation visits (for the standardized and the advanced measurement approach under Basel II). The BSD includes IT risk in the scope of operational risk assessment work streams (e.g., Review of banks’ management reports covering IT, analysing internal loss data (form BA 410 returns—Business disruption and system failure—event type) and IT elements within the self assessments by banks for the advanced approaches.). That said, a comprehensive operational risk supervisory assessment is hampered by a specialist team that lacks strong IT skills. Hence, for the assessment of IT risk the BSD to a large extent relies on bank’s internal audit departments and the work done by external auditors as part of their certification of the annual accounts. Given that the integrity of IT systems is a cornerstone of operational risk management8 and that the work done by the external auditors is limited in scope, this is a weakness in the overall supervisory approach to operational risk management with banks. In 2008, the registrar raised board awareness to operational risk by tabling “the board’s involvement in the oversight of the banking institutions operational risk framework” as one of the topics to be discussed at the annual meetings between the registrar and the board of directors. This included the discussion of the three most severe operational risk events at the relevant board meeting. In 2006, the BSD required all banks to present their business continuity frameworks in respect to major business disruptions at the trilateral discussions. A specific format to structure the discussion is included in Circular 4/2006. Ongoing compliance with the business continuity requirements is verified as part of the operational risk onsite review. |
| Assessment | Largely compliant. |
| Comments | It is recommended that the BSD prioritize IT capacity building within its specialist risk areas in order to enable it to assess fully and adequately all aspects of banks’ operational risk management and thus to reduce reliance on the work on IT systems carried out by external auditors as part of their certification of the annual accounts. Board awareness for business continuity was raised in 2006 but the BSD should clarify its requirements into a regulation so that supervisory expectations are clear. |
| Principle 16 | Interest rate risk in the banking book. Supervisors must be satisfied that banks have effective systems in place to identify, measure, monitor, and control interest rate risk in the banking book, including a well-defined strategy that has been approved by the board and implemented by senior management; these should be appropriate to the size and complexity of such risk. |
| Description | Regulation 39 (1–5) and (16) require banks to have in place effective risk management processes, policies and procedures. Regulation 30 provides detailed requirements for the management of interest rate risk in the banking book. The SREP Manual section on “Interest rate risk in the banking book”—“ALM process” specifically addresses the supervisory assessment of interest rate risk in the banking book. Generally, a questionnaire is sent out to banks, which is followed by an assessment. The monthly reporting form BA330 deals with interest rate risk in the banking book and includes sensitivity analysis of net interest income and change in the economic value of equity. The BA330 forms are analyzed and discussed with senior management during the graph discussion. In case it is deemed necessary to go into further detail onsite, the BSD engages in more depth with senior management to verify the quality of the bank’s asset and liability management as well as the validation of the models and assumptions. For systemic relevant banks, an onsite visit will occur irrespective of the quality of the response and analysis reporting forms. In 2006, the BSD performed a thematic review across the industry on interest rate risk in the banking book. As part of its ICAAP process, the bank’s approach to interest rate risk in the banking book and the capital impact thereof is also analyzed and discussed with senior management of the bank. Regulation 39 (6)(e) refers to a general requirement for banks to regularly stress test their main risk exposures. Regulation 30 (23–36) has specific requirements for the calculation of interest rate sensitivity and stress testing to measure their vulnerability to loss under adverse interest rate movements. The outcomes are reported in the prudential reporting forms. Section 64A of the Banks Act requires, unless the registrar grants an exemption, the Risk and Capital Committee of the board to establish an independent risk management function and a group risk management function, where applicable. |
| Assessment | Compliant. |
| Comments | |
| Principle 17 | Internal control and audit. Supervisors must be satisfied that banks have in place internal controls that are adequate for the size and complexity of their business. These should include clear arrangements for delegating authority and responsibility; separation of the functions that involve committing the bank, paying away its funds, and accounting for its assets and liabilities; reconciliation of these processes; safeguarding the bank’s assets; and appropriate independent internal audit and compliance functions to test adherence to these controls as well as applicable laws and regulations. |
| Description | Internal control and audit requirements are anchored in the Banks Act and Regulation 39 which contain strict governance standards for banks. Section 60 of the Banks Act sets out the general duties of directors of a bank or controlling company. Section 60 B clearly assigns responsibility to the board of directors and the executive officers of a bank to establish and maintain an effective process of corporate governance. Section 64A of the Bank Act requires the board of directors of a Bank and/or a controlling company to appoint at least three of its members, of which at least two are non executive directors, to form and serve on a risk and capital committee. Regulation 39 provides further minimum requirements to the corporate governance processes in banks. The quality and exhaustiveness of the governance processes are assessed by the BSD during the information gathering meetings with internal audit, the head of the material risk areas, the compliance officer, external auditors (bilateral meeting) and the audit committee (trilateral meeting). As part of its supervisory process, the BSD also reviews minutes of the board on an ad hoc basis. For the adequacy of the accounting processes and policies, the BSD generally relies on the external auditor in accordance with Regulation 46 (3) which imposes the duty on the external auditor to report to the registrar any significant weaknesses in the system of internal control relating to financial regulatory reporting and compliance with the Act and Regulations which came to his attention. Regulation 42 requires banks to submit form BA020 for each person it wishes to appoint as a director or executive officer prior to the appointment. These applications are screened and consent is required from the registrar. The terms of Section 60 (6) allow the registrar to object to the appointment or continued employment of a chief executive officer, director or executive officer of a bank if the registrar reasonably believes that the person concerned is no longer fit and proper to hold that office or if the holding of such office by the person concerned is not in the interest of the public. Feedback obtained from banks on this process confirmed that this approval process is stringent and consistently applied. Regulation 49 requires banks to establish an independent compliance function and imposes minimum criteria on the compliance officer in terms of effectiveness, monitoring, reporting and resources. The Compliance officer is required to table a report at every meeting of the board of directors or Audit Committee. The BSD regularly meets with the compliance officer to assess and review compliance with this regulation. Regulation 48 outlines the required characteristics of the internal audit function. However, if the scale of a bank does not warrant a full time internal audit, the bank may agree alternative arrangements with the registrar (paragraph c, i and ii of Regulation 48). These exemptions have been granted to five banks and in these cases appropriately qualified accounting firms or individuals provide the internal audit service on an outsourced basis. The principles in Regulation 48 ensure independence of the internal audit function and adequate reporting lines toward management and the board. Internal audit is required to cover all activities of the bank to ensure the integrity and respect of its systems and internal controls. It has full access to all staff and to all functions, systems, and records of the bank as well as to outsourced functions. An Audit Committee, composed of a minimum of three non-executive members (Section 64(3)a of the Banks Act) must oversee the internal audit function. The supervisory assessment of the internal audit function is performed through annual bilateral meetings with the external auditors, where their view of the independence and competence of the bank’s internal audit function is solicited and the degree of reliance placed on the work performed by the bank’s internal audit function is clarified. In addition, the BSD indirectly assesses the quality of the internal audit function by a review of internal audit reports and a discussion with senior management, where appropriate. Furthermore, detailed prudential meetings are conducted with the internal audit function in order to directly assess the quality thereof. Regulation 47 imposes the duty on the bank to inform the registrar of any act of a member of the board of directors, an executive officer or an employee in charge of the risk management function that results or will probably result in the reputation of the bank being adversely affected. |
| Assessment | Compliant. |
| Comments | Corporate governance principles are in accordance with international standards, as they are inspired largely by the Basel Committee on Banking Supervision guidance with respect to internal audit and internal control. |
| Principle 18 | Abuse of financial services. Supervisors must be satisfied that banks have adequate policies and processes in place, including strict “know-your-customer” rules, that promote high ethical and professional standards in the financial sector and prevent the bank from being used, intentionally or unintentionally, for criminal activities. |
| Description | A Financial Intelligence Centre (FIC) has been created by the FIC Act (FICA) of 2001. Its principal objectives are to assist in the identification of the proceeds of unlawful activities and the combating of money laundering and financing of terrorist activities (FICA section 3). To achieve its objectives, the FIC must cooperate with other authorities, including supervisory bodies (FICA section 4). Each supervisory body remains responsible for supervising compliance with the FICA by the institutions it supervises (FICA section 45(1)). FICA section 42 requires “accountable institutions” (including banks) to formulate and implement internal rules relating to the identification of clients and procedures for determining when a transaction is reportable to the FIC, while section 43 requires that adequate training be provided to staff to enable them to comply with the applicable requirements. For banks, the know-your-customer requirements are further specified in BA Regulation 36(17)(a). In addition, Regulation 47 lists offences that have to be reported to the registrar, including any money laundering activity in which the bank was involved and which was not identified and reported in a timely manner as required by the FICA, as well as cases of market abuse and financial fraud within the bank, and other irregularities. Regulation 50 further details the policies and procedures that have to be in place to guard a bank against being used for market abuse and financial fraud, including money laundering, insider trading and market manipulation. By virtue of BA section 60A, each bank is required to establish an independent compliance function, the duties of which are spelled out in detail in Regulation 49. Finally, FIC Guidance Note 3 provides detailed guidance for banks on customer identification and verification. This includes the special measures that need to be put in place in respect of correspondent banking relationships and high risk accounts such as those for politically exposed persons. The BSD reviews banks’ adherence to the requirements set out in the Regulations and follows up on concerns. The BSD requests copies of policies and procedures to ensure that a bank guards against abuse of its systems and conducts regular internal audit and compliance meetings with individual banks at which issues will be raised. Focused reviews are occasionally utilized by the BSD to ascertain whether banks comply with the minimum requirements in respect of abuse of financial services. The BSD also receives regular reports from banks’ compliance officers. Banks’ Chief Executive Officers, Chief Accounting Officers and the Executive Officers responsible for FICA compliance have to sign on a monthly basis form BA 099, certifying that the bank has complied with all the relevant requirements of the FICA and the Regulations issued under it. A detailed review of FICA compliance at the largest banks was commissioned by the BSD from an external audit firm under BA section 7(1)(b) in 2005. Another detailed review by the BSD itself of FICA compliance at the other banks, including sampling of credit files and documentation, has been carried out in 2006/2007. The outcomes of these reviews have been discussed with each bank’s compliance officer and have resulted in letters from the BSD with bank-specific recommendations, the follow-up of which it monitors. For enforcement, the BSD may if called for use its general regulatory powers, e.g., calling into question the fitness and propriety of a bank’s directors or withholding approval for expansion of the bank’s activities. FICA section 38(1) provides civil and criminal immunity to any person complying in good faith with the requirements to provide information about fraudulent or suspicious transactions to the authorities. FICA section 36(1) requires the registrar to make a report to the FIC if he knows or suspects that, as a result of a transaction concluded by or with a bank, the bank wittingly or unwittingly has received or is about to receive the proceeds of unlawful activities, or has been used or may be used in future for money laundering purposes. FICA section 40 provides for the exchange of information pursuant to a written agreement between the FIC and the supervisory bodies and other entities such as investigating authorities inside or outside South Africa. |
| Assessment | Compliant. |
| Comments | The FICA and other relevant Acts are currently being revised to implement recommendations made during a FATF assessment in 2008. With respect to banks, the main FATF recommendation was that the BA should include a specific provision allowing the registrar to impose fines on banks for offences against the FICA requirements. The BSD should consider expanding its in-house expertise on FICA matters. For example, it has no forensic expertise. For this, it relies exclusively on external audit firms. The BSD should ensure that all the aspects listed in Essential Criteria 4, 8 and 9 of the Core Principles Methodology are specifically addressed in the SREP Manual. |
| Principle 19 | Supervisory approach. An effective banking supervisory system requires that supervisors develop and maintain a thorough understanding of the operations of individual banks and banking groups—and of the banking system as a whole—focusing on safety and soundness and the stability of the banking system. |
| Description | The BSD receives extensive information on each bank’s operations from a variety of sources, including prudential returns, on-site work, meetings with various bank officers, review of documentation and auditors’ reports. On the basis of the information received, all banks are classified each quarter as either high, medium or low risk banks. The classification is based on a two dimensional approach: on the one hand account is taken of a bank’s (or banking group’s) size and complexity (i.e., its systemic relevance), and on the other the size of the risks and the quality of the controls within a particular bank are considered. A list of all banks and their risk classifications is included in the BSD’s quarterly management information document, which is tabled and discussed on a quarterly basis at the BSD’s management committee meeting. The risk classification determines the length of the supervisory cycle pertaining to a particular bank and the supervisory resources to be allocated. A systemically important bank with low bank-specific risk would be on a twelve month cycle, as would a bank with low systemic relevance but high bank-specific risk. Banks that are classified as medium risk would be on a 18 month cycle and banks classified as low risk would be on a 24 month cycle. In the case of high risk banks full reviews would be conducted, while for low risk banks low intensity reviews would be conducted, e.g., on the basis of questionnaires. Notwithstanding this, a large high risk bank would obviously be allocated more supervisory resources than a small high risk bank. The BSD’s Research Section analyses data submitted by banks from a sector perspective. The results are presented and discussed by the department’s management and staff on a monthly basis. In addition, the BSD’s Risk Specialists, besides doing bank-specific work, also focus on specific risk areas on a sector-wide basis. Analysis of the banking system as a whole forms part of the BSD’s quarterly management information document. The BSD also receives information from a macroprudential perspective from the SARB’s Financial Stability Department, and shares its own work with this Department. There is a MOU between the BSD and the FSB. Regular supervisory meetings are held with the FSB to discuss developments at the largest significant systemic banking/insurance groups. The purpose of these meetings is to enhance information sharing, identify issues of mutual interest and to work together towards greater consistency of approach, where appropriate. Meetings are also held with the National Credit Regulator to exchange views on the credit environment. The BSD’s methodology for assessing individual banks’ risk profiles and planning supervisory work is described in the Department’s Supervisory Review and Evaluation Process (SREP) Manual. The Manual describes the SREP cycle as a continuous process involving supervisory planning, gathering information, forming a view on the main risk areas, undertaking focused reviews and feedback to the bank’s management, including possible remedial actions or an increase in the bank’s individual capital requirement. Stress testing is employed to reinforce the risk assessment system’s forward-looking elements. Many parts of the Manual are currently still in a draft stage. The BSD considers it to be a live document that presumably still has to grow. The SREP Manual is a relatively new concept and as a result, the BSD had to update and/or change most of its previous (under Basel I) policy and procedural documentation. The BSD is in the process of turning all the documents contained within the SREP Manual into “approved” policy documents which is a time-consuming exercise. A committee has been established within the BSD especially for such approvals and to monitor changes to approved documents, going forward. One of the issues addressed during the SREP cycle is a review of banks’ adherence to the requirements set out in the Regulations. Regulation 49 requires banks to have an independent compliance function that continuously monitors the bank’s compliance with all applicable requirements and reports to the bank’s board or audit committee, while supplying a copy of its reports to the registrar. The BSD utilizes an internal “compliance checklist” to ascertain whether banks comply with all prudential requirements. The BSD conducts compliance meetings with banks at which issues are raised and followed up on. There is no explicit requirement for banks to inform the registrar of substantive changes in their business or material adverse developments, but in practice the registrar is known to insist on this and banks comply without exception. All data submitted by banks via the prudential returns are available on the BSD’s Oracle IT system. The system automatically creates graphs and reports and is suitable for cross-bank analysis as well as analysis of time series. Trends analysis, adherence to minimum requirements and peer analysis are performed utilizing the automated reports and graphs. Monthly and quarterly reports to management are prepared that highlight major developments and facilitate the identification of areas requiring supervisory action. All correspondence from and to banks is captured on the Papertrail system. Issues requiring follow-up action are kept in a paper-based “Issues File” that according to BSD management functions perfectly well. |
| Assessment | Compliant. |
| Comments | According to industry sources, the BSD focuses on the important risk areas within a bank. The BSD’s approach to risk-based supervision could be further strengthened by developing an IT tool that integrates risk analysis, planning of supervisory work and monitoring of follow-up actions. The risk classification is done on Excel sheets, while the monitoring system for follow-up actions (the so-called Issues File) is paper-based. Interaction between the BSD and the FSB has been strengthened but can be still further improved, for example by conducting joint inspections at group level and by exchanging supervisory reports on individual groups. See also the comments under CP 24. The SREP Manual is conceptually sound and the BSD is encouraged to develop it further, in particular by including more detailed guidance for BSD staff in their day-to-day work, but without it becoming a checklist. |
| Principle 20 | Supervisory techniques. An effective banking supervisory system should consist of on-site and off-site supervision and regular contacts with bank management. |
| Description | The BSD employs a mix of on-site and off-site supervision to evaluate the condition of banks, their inherent risks and to determine the supervisory measures that may be needed to address any identified concerns. The appropriate mix is determined for each bank during the SREP cycle (see under Principle 20), which begins with the formulation of a written supervisory plan. The main purpose of the supervisory plan is to ensure a disciplined and comprehensive planning process that forms the foundation for supervisory actions, interactions with the bank, and interventions. As new information becomes available during the cycle, the supervisory plan is continuously updated. In addition, the BSD Strategic Planning Process is a high level forum where strategic risks are identified for the ongoing supervisory activities. On-site and off-site work for a particular bank is performed by the same teams of analysts and risk specialists, ensuring effective coordination and information sharing. At the bi-weekly BSD management committee meetings feedback is given by all participants on on-site meetings that were held since the previous meeting. The feedback then flows to the rest of the BSD employees at divisional meetings, and in-depth discussions take place at the meetings of analysts and risk specialists. At the weekly correspondence meetings, the BSD management team discusses all correspondence with banks to ensure consistency of treatment. Feedback on this is also given to the BSD staff. On-site work consists of focused reviews, but also of frequent meetings with a bank’s board and board committees and managers at various levels. Focused reviews may be carried out by the BSD’s own analysts, risk specialists or on-site review team. It may also be outsourced to external auditors, external risk consultants, or other advisors (e.g., lawyers or forensic experts). The BSD has a credit risk review team consisting of six specialists, as well as three specialists on market risk, four quantitative experts, two experts on capital issues, one specialist on consolidated supervision, one on operational risk, and one on disclosure issues. The credit risk review team has over the past two years devoted its attention to the correct application of the Basel II standardized approach to credit risk by banks and has not been available for other work on credit risk at the banks that are using this approach (e.g., sampling credit files). The number of other specialists is also small, particularly when account is taken of the BSD’s ambition to apply the latest international supervisory standards. The BSD does not have its own experts on important and increasingly specialized areas such as IT risk and forensic work. Relatively strong reliance is therefore placed on special assignments to external auditors. Off-site reviews are used to analyze prudential returns as well as other sources of information such as auditors’ reports and published financial statements. This may result in the identification of areas within a bank that require detailed or specialized on-site review. The Issues Files are continuously updated and monitored to identify required follow-up actions. The SREP Manual outlines all meetings to be held during the specified supervisory cycle with a bank’s board of directors, audit committee, external auditors, internal audit, compliance function, heads of risk areas and other bank employees, as identified by BSD analysts or risk specialists. ICAAP reviews also form part of the supervisory program. Separate meetings take place with the independent board members. One of the functions of the meetings with the board and senior managers is to assess their quality. Board minutes are reviewed on-site to gain an understanding of the board’s involvement in setting the bank’s risk appetite and approving policies and procedures, and to ascertain the nature and detail of the issues being discussed. Trilateral meetings of a bank’s board, its external auditors and the BSD are held during which feedback is provided by the BSD. The BSD also reviews internal audit reports and the audit plan. External auditors are asked for their view of the quality of internal audit and to explain how much reliance was placed on internal auditors at the bilateral meetings. The final stage of the SREP cycle entails informing the bank of the BSD’s findings and follow-up actions the bank is expected to take by means of a letter as well as meetings. |
| Assessment | Compliant. |
| Comments | The BSD should consider expanding its staff to allow it to do more work on credit risk and on specialized areas such as IT risk and forensic investigations. |
| Principle 21 | Supervisory reporting. Supervisors must have a means of collecting, reviewing, and analyzing prudential reports and statistical returns from banks on both a solo and a consolidated basis and a means of independent verification of these reports, through either on-site examinations or the use of external experts. |
| Description | BA section 7 provides the registrar with the authority to require banks, their subsidiaries and controlling companies to furnish him on a regular basis with such information as he may reasonably require for the performance of his functions under the Act. BA section 75 specifically states that banks shall furnish the registrar with returns relating to capital adequacy and liquidity at such intervals and in such a form as the registrar may prescribe. Regulation 7 lists a range of returns that have to be submitted. These include balance sheets, off-balance sheet activities, income statements, information on shareholders, various returns relating to credit risk, market risk, liquidity risk, operational risk, large exposures, and others. All returns have to be submitted both on a solo and a consolidated basis. The returns have to be prepared in accordance with the International Financial Reporting Standards (IFRS). The appropriate application of the IFRS results in returns that provide a fair representation of the financial position and the risks of the bank. All banks have to report in relation to the same dates and periods, allowing for meaningful peer group comparisons. Peer comparisons are generated automatically to assist analysis. The reporting frequency varies from daily (return on selected risk exposures) to annually (return on shareholders), with most returns having to be submitted either on a monthly (for solo supervision) or on a quarterly basis (for consolidated supervision). The BSD has implemented validation rules that help prevent banks from submitting incorrect data in the prudential returns. The BSD also verifies the quality of data submitted by banks by means of on-site and off-site work. A bank’s chief executive officer, chief accounting officer and executive officer responsible for compliance with the FICA have to certify with each submission of prudential returns that the data are correct. A bank’s external auditor has to report to the registrar whether the submitted returns at year-end are in his opinion materially correct and complete (Regulation 46). In addition, a bank’s external auditor has to inform the registrar throughout the year on any matter which may endanger the continued viability of the bank or its ability to repay depositors, or which is contrary to the principles of sound management and internal controls (BA section 63). At the bilateral meetings between the BSD and the external auditors, the auditors are asked whether they are aware of any “material shortcomings” at a bank. BA section 91 lists non-compliance with the obligation to submit accurate and timely prudential returns as an offence, while section 91A allows the registrar to impose penalties for offences under the BA. By virtue of BA section 6, the BSD has full access to all relevant information from banks, their parents and their subsidiaries, including internal management information. The BSD also has full access to banks’ boards, managers and staff and in fact meets with them frequently. BA sections 7 and 85B allow the registrar to order banks to appoint outside experts to investigate any matter that the registrar may specify and to report to him on that matter. |
| Assessment | Largely compliant. |
| Comments | Although the range of periodic prudential returns is fairly wide, some essential information is not reported to the BSD on a regular basis. This includes related party lending (ref. Principle 11) and country and transfer risk (ref. Principle 12). |
| Principle 22 | Accounting and disclosure. Supervisors must be satisfied that each bank maintains adequate records drawn up in accordance with accounting policies and practices that are widely accepted internationally and publishes, on a regular basis, information that fairly reflects its financial condition and profitability. |
| Description | International Financial Reporting Standards (IFRS) promulgated by the IASB were enacted as South African law in 2004. It is a prerequisite to be registered as a public company before conducting business as a bank (Section 11 of the Banks Act). As stipulated by the Companies Act Section 284, it is the duty of every company to keep financial records. The Companies Act also requires that financial statements are subject to audit and publication. For banks specifically, Section 61 of the Banks Act requires the approval of the appointed external auditor by the registrar. Should the bank for any reason fail to appoint an auditor, Section 62 allows the registrar to appoint one himself. In accordance with Regulation 40 (4), directors of a bank are also required to annually report to the registrar whether or not the bank’s internal controls provide reasonable assurance as to the integrity and reliability of the bank’s financial statements. Regulation 3 requires banks to prepare all relevant prudential returns to the registrar in accordance with Financial Reporting Standards and provides specific risk management guidance for the application of the fair value option. The instructions to the various BA reporting forms also instruct banks as to the form of presentation and valuation methods. The registrar has the power to request external auditors to review areas outside normal audit procedures (Section 7 (1)b of the Banks Act). As described under Core Principle 8, under Regulation 46 (4) the external auditor also reports annually to the registrar on certain aspects of credit risk management for all banks. With regard to disclosure, Regulation 43 imposes specific qualitative and quantitative disclosure obligations on banks and requires banks to have a disclosure policy. The scope and level of detail of these disclosures are commensurate with the size and complexity of a bank’s operation. They are also aligned with Pillar 3 under the Basel II framework. In case banks do not comply with the required disclosures, the registrar can turn to the enforcement powers and remedial actions under the Banking Act and the Regulations. The registrar publishes periodic aggregated information on the banking system sourced from the prudential returns. A monthly overview of banking sector trends, including capital ratios, impaired advances, profitability indicators and balance sheet structure is also disclosed. Frequent interaction between the BSD and the external auditors (bilateral meetings) is an integral part of the BSD’s supervisory approach. Section 63 (1) of the Banking Act details the reporting duties of the auditor to the BSD. These include matters of material significance and the power of the registrar to require additional information relating to the matters listed. Paragraph 3 of Section 63 ensures that the auditor cannot be held liable for breach of a duty of confidentiality when reporting in good faith. Banks Act Directive 6/2008 establishes auditor rotation rules. The rotation of auditors does not require the rotation of the audit firm but rather the rotation of an audit firm’s lead and engagement partners. As indicated above, enforcement of these rules is materialized by the power of the registrar to refuse an external auditor. Although the registrar has no unfettered access to the working papers of the auditors, he can issue a directive to an auditor requiring him to provide the registrar with information or documents on a specific issue. |
| Assessment | Compliant. |
| Comments | |
| Principle 23 | Corrective and remedial powers of supervisors. Supervisors must have at their disposal an adequate range of supervisory tools to bring about timely corrective actions. This includes the ability, where appropriate, to revoke the banking license or to recommend its revocation. |
| Description | Throughout the SREP cycle, the BSD presents and discusses outcomes of reviews with the banks at meetings with the CEO, internal audit, compliance, heads of various risk areas, heads of business units and bilateral meetings with external auditors, as well as at the so-called graph discussions. Where areas of concern are identified, on-site reviews will take place, followed by feedback letters with requests for regular progress reports by the bank to BSD on required actions. Issues will be registered in the Issues File and progress will be monitored closely and followed up regularly. The BSD meets with boards of directors and has a trilateral meeting with the bank’s audit committee, external and internal audit at the end of the SREP cycle. Outside the formal SREP cycle, the registrar will personally contact bank CEOs on any concerns he may have at any time. Under BA section 25, the registrar can apply to a competent court for an order for cancellation or suspension of the registration of a bank. Pending the court order, the bank can continue its operations. In lieu of applying for a court order, the registrar may also restrict the activities of the bank in such respects as he may determine (BA section 26). Where a bank has obtained registration by submitting false or misleading information, or—in the case of a foreign bank operating in South Africa – where the home supervisor has revoked the parent bank’s license, the registrar needs the consent of the minister to cancel the bank’s registration (BA section 23). In these cases, the registrar need not go to a court. However, before restricting the activities of a bank under section 26, or cancelling or suspending the registration under section 23, the registrar needs to inform the bank of his intentions, explain the reasons, and allow the bank at least 30 days to argue why its registration should not be cancelled or suspended (BA section 24). As in the case where a court order is pending, the bank can in the meantime continue its operations without any restrictions. BA section 69 allows the minister to appoint a curator to a bank if the registrar is of the opinion that the bank will be unable to meet its obligations. However, for the appointment of a curator the written consent of the CEO or the chairperson of the board of the bank is required. The BA provides the registrar with an appropriate range of tools to address issues in banks on a going concern basis, including issuing directives to banks individually or collectively (BA section 6(6)(a)), raising an individual bank’s capital requirement or requiring the bank to strengthen its risk management and internal controls (Regulation 38(4)), declaring that a bank’s CEO or other officer is no longer fit and proper (BA section 60(6)(a)), imposing fines (BA section 91A), seeking court decisions on offences committed by a bank or its officers, or taking the initiative for a cancellation or suspension of a bank’s registration. Especially the registrar’s power to increase a bank’s individual capital requirement or to derecognize the fitness and propriety of its executive officers, enable him to make banks take such action as he deems necessary. The common law principles and prescriptions of the administrative law provide that an administrative action or decision should not only be appropriate and equitable, but should also be carried out without undue delay. Undue delays by the registrar that are also found to be in bad faith might result in the SARB or the registrar being liable for any damage caused by such a delay. BA section 70A(1)(b) allows for ring-fencing of a bank from the unregulated entities in a group. Under the MOU between the BSD and the FSB, the BSD would inform the FSB of material information (including remedial supervisory action) in respect of a bank that is part of a group that includes entities that are supervised by the FSB. |
| Assessment | Materially non-compliant. |
| Comments | The severe limitations on the registrar’s authority to cancel or suspend a bank’s license or to restrict a bank’s activities (BA sections 23–26), in particular the delay of at least 30 days between the announcement of such measures to a bank and their actual application, call seriously into question his ability to use these supervisory powers decisively, expediently and effectively. The same comment applies to the registrar’s inability to appoint a curator without the consent of the CEO or the chairperson of the board of the bank concerned, |
| Principle 24 | Consolidated supervision. An essential element of banking supervision is that supervisors supervise the banking group on a consolidated basis, adequately monitoring and, as appropriate, applying prudential norms to all aspects of the business conducted by the group worldwide. |
| Description | Banks and their controlling companies have to provide the registrar annually with detailed qualitative information on major shareholders, legal and operational group structure, strategy, risk management, business activities, etc (Regulation 36(8)(a)). Under Regulation 56(2)(a)(ix)(C), all banking groups have to submit a detailed organization chart biannually reflecting all interests under the bank or the controlling company. Additional information has to be provided to the registrar on his request (Regulation 36(8)(b)). Quantitative information on a consolidated basis relating to group capital adequacy, intragroup exposures, group large exposures (including related party exposures) and group foreign exchange exposures has to be reported quarterly (form BA 600); this includes information on significant non-banking financial activities and commercial activities. All significant entities (financial and non-financial) are listed on a line-by-line basis on the form BA 600 which enables the BSD to evaluate the risk an entity may pose on the banking group. As part of the supervisory review cycle, meetings are held with banks to discuss matters relating to the consolidated group. For each of the five largest banking groups, the BSD has a dedicated consolidated supervision analyst, and there is one consolidated supervision specialist. BA sections 70A and 73 allow prudential standards to be set for a banking group relating to capital requirements and concentration risk, respectively. Detailed standards including qualitative requirements have been set in Regulations 36 (Consolidated supervision), 37 (Consolidated supervision: foreign operations of South African banks), 38 (Capital adequacy on a solo and a consolidated basis) and 45 (Consolidated financial statements). BA sections 6 and 7 allow the BSD to obtain information from parent companies and their subsidiaries. BA section 4(4) lists the powers of the registrar under the supervisory review process. These powers include on-site and off-site review of banks or controlling companies and their branches, subsidiaries or related entities both within and outside South Africa, as well as discussions with board members, executive officers and risk managers, and a review of the work done by external auditors. BA section 52 requires the registrar’s prior written approval for establishing or acquiring a subsidiary or a branch, investing in joint ventures, and acquiring an interest in any undertaking registered outside South Africa. For all applications in terms of BA section 52, the BSD has a Section 52 Committee which will consider the impact that the proposed investment could have on the banking group, and the BSD may reject an application. The Committee will take into account the nature and extent of work carried out by the host supervisor. In case a bank is owned by an insurance company, the BSD cannot impose prudential standards on the group; such cases are covered in the regular meetings with the FSB which would in these cases as lead regulator have the wider responsibility for group oversight (the banking sub-group is subject to BSD consolidated supervision). For the acquisition or establishment of South African operations by foreign banks and cross-border banking operations by South African banks, the BSD requires the establishment of a MOU with the cross-border banking supervisor concerned. In several cases the BSD has rejected such applications because a MOU could not be established due to legal requirements in the foreign country concerned. MOUs are in place between the SARB’s BSD on the one hand and the FSB and thirteen foreign bank supervisory authorities on the other. The BSD occasionally sends staff abroad to meet with host supervisors and to conduct on-site work at the foreign operations of South African banks. Conversely, foreign bank supervisors come to South Africa to meet with the BSD and review the local operations of banks from their country. MOUs between the SARB and a further twenty-one foreign supervisors, as well as the FIC and the NCR, are in various stages of preparation. The BSD convenes ad-hoc meetings with foreign supervisors to promote the resolution of supervisory problems concerning a cross-border establishment in the respective other jurisdictions, whenever either side reasonably requests this on ground of a material supervisory concern. Quarterly meetings take place between the BSD and the FSB to discuss groups that have both banking activities and financial activities that are supervised by the FSB. Qualitative and quantitative information pertaining to each of the five major groups individually is exchanged and supervisory concerns are addressed. In addition, quarterly meetings are held between the BSD, the FSB and the SARB’s Financial Stability Department where financial sector developments are discussed. Supervisory reports are exchanged between the BSD and the FSB on an exceptions basis. There have been occasional joint meetings of the BSD and the FSB with senior management of banks. Meetings are held with banks to discuss the consolidated group and its corporate governance structures and management of risks and activities. Issues relating to the bank’s foreign operations, including branches, joint ventures and subsidiaries, are addressed. In addition, a quarterly return is submitted for all banking groups’ cross-border banking operations (form BA 610). Under Regulation 46, external auditors are required to issue a report on each foreign banking operation, which reports are reviewed and discussed at the trilateral meetings. Senior management appointments at the foreign banking operations of South African banks are subject to fitness and propriety testing by the BSD. The foreign operations are expected to report to the BSD on all interactions with their host supervisor. Under BA section 26, the BSD may restrict a bank’s activities (e.g., its foreign operations) if it has failed to comply with a requirement of the BA. |
| Assessment | Compliant. |
| Comments | Interaction between the BSD and the FSB can be further improved, e.g., by conducting joint inspections at group level and by exchanging supervisory reports on individual groups on a regular basis. Temporary secondments of staff would help to improve understanding of each others’ approaches and work methods and would facilitate communication at the operational level. Consideration could also be given to harmonization of regulatory requirements in areas of common interest, such as corporate governance and fitness and propriety. The power of the BSD to establish and enforce fit and proper standards for owners and senior managers of parent companies of banks is not clearly stated in the BA (ref. AC 1). |
| Principle 25 | Home-host relationships. Cross-border consolidated supervision requires cooperation and information exchange between home supervisors and the various other supervisors involved, primarily host banking supervisors. Banking supervisors must require the local operations of foreign banks to be conducted to the same standards as those required of domestic institutions. |
| Description | Section 4(3) of the Bank’s Act gives the registrar the authority to enter into written cooperation agreements, such as memoranda of understanding (MOU), with a host supervisor or a home supervisor and lists the various forms of cooperation that may exist. Section 89 (b) of the Bank’s Act allows the registrar, under certain conditions, to furnish information to an authority in another country for the purposes of bank supervision. The SARB has Memoranda of Understanding (MOU) with a number of authorities where South African banks have established significant operations They establish a formal basis for cooperation, including the exchange of information and cover many, but not all of the supervisory agencies with which the BSD has home/host relationships. Although the BSD does not exchange prudential risk assessments and reports on specific prudential meetings and visits, the level and detail of information exchanged with home and host supervisors appears to be adequate in view of the size and complexity of the cross border operations of the bank or banking group. The SREP Manual section on “Consolidated Supervision” Home/Host Policy and procedures requires that in case the BSD takes action on the basis of information received from another supervisor, it would consult with that other supervisor before taking action. However, this has not yet occurred in practice. Finally, the BSD has developed very close working relationships with the UK FSA and the Hong Kong Monetary Authority, which materialized in several joint on model validation visits during the Basel II implementation process. BSD as home supervisor Under Section 52 of the Bank’s Act, a bank needs prior approval of the registrar to establish a subsidiary or other operation abroad. For the establishment of a cross border banking operation, the BSD requires an MOU to be established. When reviewing the foreign operations of its banks on site, the BSD meets with the host supervisor to discuss the overall operations of the bank group. Should the operations of a particular bank group cause serious concern, it will promptly contact the host supervisors and inform them of the issues. The SREP manual explicitly addresses onsite examinations of foreign operations of South African banks. The BSD also receives regular prudential reporting as well as the external auditors credit risk report required under Regulation 46 (4) of the foreign operations of its domestic banks. The BSD hosted the first College of African bank supervisors in 2007 to discuss ways of managing Basel II implementation in relation to Standard Bank Group Ltd. Another college meeting is planned in 2010. BSD as host supervisor The BSD requires all foreign branches and subsidiaries of international banks to comply with the requirements (including capital adequacy requirements for branches) of the Bank’s Act and the Regulations. When the BSD acts as a host supervisor, it requires the establishment of an MOU and it ensures that the home supervisor has no objections in accordance with branch regulations (1)(6)(b)(i). Section 18A (3)b of the Bank’s Act also requires the foreign institution to lodge a written application which includes information with regard to the application of consolidated supervision in the home country. As part of the licensing process, the legal department of the BSD establishes contact with the home supervisor. Home supervisors are given on-site access to branches and subsidiaries of a cross border banking group in accordance with Section 4(3)c and several onsite inspections by foreign authorities have taken place. The BSD is a member of several supervisory colleges of international banks and regularly attends the meetings. It provides information to home supervisors during the college meetings or on an ad hoc basis, when required. The BSD does not permit the creation of shell banks and booking offices. |
| Assessment | Compliant. |
| Comments |
1.
South Africa: Summary of Compliance with the Basel Core Principles
C: Compliant.
LC: Largely compliant.
MNC: Materially noncompliant.
NC: Noncompliant.
NA: Not applicable.
1.
South Africa: Summary of Compliance with the Basel Core Principles
| Core Principle | Grading | Comments |
|---|---|---|
| 1. Objectives, Autonomy, Powers, and Resources | ||
| 1.1 Responsibilities and Objectives | Compliant | |
| 1.2 Independence, Accountability, Transparency | Compliant | |
| 1.3 Legal framework | Largely Compliant | It is not the registrar but the minister of finance who is responsible for setting prudential regulations. Prescribed prudential returns and instructions for their completion are included in the regulations issued by the minister. The registrar’s formal role in this respect is limited to issuing circulars with guidelines regarding the application and interpretation of the provisions of the Act (BA section 6(4)). In practice, however, it is the registrar who takes the initiative for changes to regulations and who prepares the drafts that are issued for consultation. |
| 1.4 Legal powers | Largely Compliant | In order to ensure that the registrar’s ability to act decisively when banks encounter serious difficulties will not be hampered, the minister’s role in supervisory remedial actions and the required consent of the bank’s CEO or chairperson for the appointment of a curator need to be reconsidered.. |
| 1.5 Legal protection | Compliant | |
| 1.6 Cooperation | Compliant | |
| 2. Permissible Activities | Compliant | |
| 3. Licensing Criteria | Compliant | The BSD is in the process of including “…the detection and prevention of criminal activities …” in form BA 002 (Application for Authorization/Registration) as well as Regulation 39 section (5) (minimum requirements for risk management processes, policies and procedures). |
| 4. Transfer of Significant Ownership | Compliant | Consider introducing a specific legal requirement for banks to notify the BSD of material information that negatively affects the suitability of its shareholders. The threshold of 15 percent beyond which supervisory approval is needed for acquiring shares in a bank appears to be rather high by international comparison—many countries have set the threshold at either 5 or 10 percent of a bank’s capital—but in the BSD’s experience this has not caused any problems. |
| 5. Major Acquisitions | Largely Compliant | The Banks Act and the Regulations do not define the amounts (absolute or in relation to a bank’s capital) of investments by a bank in a subsidiary that need prior supervisory approval. Neither are the criteria specified that the registrar uses for approving or disapproving proposed investments in subsidiaries and joint ventures, although to some extent these are implicit in the information that has to be submitted with an application for permission for acquisitions or investments (Regulation 56). Neither does the Banks Act nor any Regulation or BSD circular clearly indicate for which cases notification after the investment or acquisition is sufficient. Apparently all acquisitions and investments, no matter how small, require the registrar’s prior approval. The efficiency of the BSD’s use of resources might be increased, and the burden that supervision puts on the banks might be reduced, by exempting investments and acquisitions under a certain threshold from prior approval. |
| 6. Capital Adequacy | Largely Compliant | The BSD is to be commended for its early adoption and full implementation of the Basel II framework in an emerging market environment on 1 January 2008, and its continuous efforts to remain in line with subsequent international developments. There is no explicit power for the registrar to revoke the use of the advanced approaches for credit or market risk. Although the accreditation conditions point out that banks need the registrar’s prior written approval and banks are continuously required to meet the advanced model user conditions, an explicit revocation power should be added to the regulation, similar to Regulation 33(6) on operational risk. |
| 7. Risk Management Process | Compliant | |
| 8. Credit Risk | Compliant | |
| 9. Problem Assets, Provisions and Reserves | Largely Compliant | BSD relies, as part of its supervisory approach, on the FRS provisions as audited by the external auditor and the outcomes of the external auditors report under Regulation 46 (4). It is recommended that more specific qualitative guidance on the BSD’s requirements be provided to the external auditors and/or the banks to ensure that all the essential criteria of this core principle are addressed. This applies in particular to areas such as the periodical assessment of the value of risk mitigants, the periodic review of problem assets, the adequacy of organizational resources for identification, the oversight and collection of problem assets, and the timely and appropriate information to the board of the condition of the asset portfolio. The BSD should also clarify its expectations with regard to forward looking provisioning for prudential purposes with banks and/or external auditors. More explicitly, a general allowance for credit impairment is not a clearly defined concept under IFRS and part of it may be included in Tier 2 capital. |
| 10. Large Exposure Limits | Compliant | |
| 11. Exposures to Related Parties | Materially Noncompliant | The BSD does not obtain on a regular basis comprehensive information on banks’ aggregate exposures to related parties. It is currently considering the inclusion of related party exposures as a separate reportable item on form BA 600 (Consolidated return which already includes reporting of group large exposures). Neither does the BSD obtain regular information on individual related party exposures, which makes it doubtful whether it would be able to use its authority to instruct a bank to deduct such exposures from its capital effectively. The BSD does not yet require that transactions with related parties and the write-off of related party exposures exceeding specified amounts or otherwise posing special risk are subject to prior approval by the bank’s board. However, it is currently in the process of proposing amendments to Regulation 36(15) to include these requirements, as well as a requirement that persons benefiting from a particular exposure shall not be responsible for managing that exposure. In addition, there is no specific requirement for banks to have policies and processes to identify individual exposures to related parties. Prior board approval is not yet required for a bank’s transactions with related parties in excess of specified amounts. An amendment to Regulation 36 incorporating such a requirement is currently under preparation. |
| 12. Country and Transfer Risks | Materially Noncompliant | A regulation specifically dealing with country and transfer risk should be promulgated since these are material risks to some of the banks. The granularity of regional exposures on form BA210 should be increased so that the BSD is in a position to monitor country and transfer risk on an ongoing basis. |
| 13. Market Risks | Compliant | |
| 14. Liquidity Risk | Compliant | In view of banks’ reliance on wholesale funding, and the resulting high degree of concentration of liabilities, the BSD should continue to closely monitor banks’ liquidity management, including periodic review of liquidity stress testing and contingency planning. Where material exposures to foreign currencies exist, the BSD should ensure that its ALM reviews include a more in-depth analysis of banks’ stress testing of foreign currency liquidity strategies, and that the results of such stress testing are a factor in determining the appropriateness of mismatches. |
| 15. Operational Risk | Largely Compliant | It is recommended that the BSD prioritize IT capacity building within its specialist risk areas in order to enable it to assess fully and adequately all aspects of banks’ operational risk management and thus to reduce reliance on the work on IT systems carried out by external auditors as part of their certification of the annual accounts. Board awareness for business continuity was raised in 2006 but the BSD should clarify its requirements into a regulation so that supervisory expectations are clear. |
| 16. Interest Rate Risk in the Banking Book | Compliant | |
| 17. Internal Control and Audit | Compliant | Corporate governance principles are in accordance with international standards, as they are inspired largely by the Basel Committee on Banking Supervision guidance with respect to internal audit and internal control. |
| 18. Abuse of Financial Services | Compliant | The FICA and other relevant Acts are currently being revised to implement recommendations made during a FATF assessment in 2008. With respect to banks, the main FATF recommendation was that the BA should include a specific provision allowing the registrar to impose fines on banks for offences against the FICA requirements. The BSD should consider expanding its in-house expertise on FICA matters. For example, it has no forensic expertise. For this, it relies exclusively on external audit firms. The BSD should ensure that all the aspects listed in Essential Criteria 4, 8 and 9 of the Core Principles Methodology are specifically addressed in the SREP Manual. |
| 19. Supervisory Approach | Compliant | According to industry sources, the BSD focuses on the important risk areas within a bank. The BSD’s approach to risk-based supervision could be further strengthened by developing an IT tool that integrates risk analysis, planning of supervisory work and monitoring of follow-up actions. The risk classification is done on Excel sheets, while the monitoring system for follow-up actions (the so-called Issues File) is paper-based. Interaction between the BSD and the FSB has been strengthened but can be still further improved, for example by conducting joint inspections at group level and by exchanging supervisory reports on individual groups. See also the comments under CP 24. The SREP Manual is conceptually sound and the BSD is encouraged to develop it further, in particular by including more detailed guidance for BSD staff in their day-to-day work, but without it becoming a checklist. |
| 20. Supervisory Techniques | Compliant | The BSD should consider expanding its staff to allow it to do more work on credit risk and on specialized areas such as IT risk and forensic investigations. |
| 21. Supervisory Reporting | Largely Compliant | Although the range of periodic prudential returns is fairly wide, some essential information is not reported to the BSD on a regular basis. This includes related party lending (ref. Principle 11) and country and transfer risk (ref. Principle 12). |
| 22. Accounting and Disclosure | Compliant | |
| 23. Corrective & Remedial Powers of Supervisors | Materially Noncompliant | The severe limitations on the registrar’s authority to cancel or suspend a bank’s license or to restrict a bank’s activities (BA sections 23–26), in particular the delay of at least 30 days between the announcement of such measures to a bank and their actual application, call seriously into question his ability to use these supervisory powers decisively, expediently and effectively. The same comment applies to the registrar’s inability to appoint a curator without the consent of the CEO or the chairperson of the board of the bank concerned. |
| 24. Consolidated Supervision | Compliant | Interaction between the BSD and the FSB can be further improved, e.g., by conducting joint inspections at group level and by exchanging supervisory reports on individual groups on a regular basis. Temporary secondments of staff would help to improve understanding of each others’ approaches and work methods and would facilitate communication at the operational level. Consideration could also be given to harmonization of regulatory requirements in areas of common interest, such as corporate governance and fitness and propriety. The power of the BSD to establish and enforce fit and proper standards for owners and senior managers of parent companies of banks is not clearly stated in the BA (ref. AC 1). |
| 25. Home-Host Relationships | Compliant |
C: Compliant.
LC: Largely compliant.
MNC: Materially noncompliant.
NC: Noncompliant.
NA: Not applicable.
1.
South Africa: Summary of Compliance with the Basel Core Principles
| Core Principle | Grading | Comments |
|---|---|---|
| 1. Objectives, Autonomy, Powers, and Resources | ||
| 1.1 Responsibilities and Objectives | Compliant | |
| 1.2 Independence, Accountability, Transparency | Compliant | |
| 1.3 Legal framework | Largely Compliant | It is not the registrar but the minister of finance who is responsible for setting prudential regulations. Prescribed prudential returns and instructions for their completion are included in the regulations issued by the minister. The registrar’s formal role in this respect is limited to issuing circulars with guidelines regarding the application and interpretation of the provisions of the Act (BA section 6(4)). In practice, however, it is the registrar who takes the initiative for changes to regulations and who prepares the drafts that are issued for consultation. |
| 1.4 Legal powers | Largely Compliant | In order to ensure that the registrar’s ability to act decisively when banks encounter serious difficulties will not be hampered, the minister’s role in supervisory remedial actions and the required consent of the bank’s CEO or chairperson for the appointment of a curator need to be reconsidered.. |
| 1.5 Legal protection | Compliant | |
| 1.6 Cooperation | Compliant | |
| 2. Permissible Activities | Compliant | |
| 3. Licensing Criteria | Compliant | The BSD is in the process of including “…the detection and prevention of criminal activities …” in form BA 002 (Application for Authorization/Registration) as well as Regulation 39 section (5) (minimum requirements for risk management processes, policies and procedures). |
| 4. Transfer of Significant Ownership | Compliant | Consider introducing a specific legal requirement for banks to notify the BSD of material information that negatively affects the suitability of its shareholders. The threshold of 15 percent beyond which supervisory approval is needed for acquiring shares in a bank appears to be rather high by international comparison—many countries have set the threshold at either 5 or 10 percent of a bank’s capital—but in the BSD’s experience this has not caused any problems. |
| 5. Major Acquisitions | Largely Compliant | The Banks Act and the Regulations do not define the amounts (absolute or in relation to a bank’s capital) of investments by a bank in a subsidiary that need prior supervisory approval. Neither are the criteria specified that the registrar uses for approving or disapproving proposed investments in subsidiaries and joint ventures, although to some extent these are implicit in the information that has to be submitted with an application for permission for acquisitions or investments (Regulation 56). Neither does the Banks Act nor any Regulation or BSD circular clearly indicate for which cases notification after the investment or acquisition is sufficient. Apparently all acquisitions and investments, no matter how small, require the registrar’s prior approval. The efficiency of the BSD’s use of resources might be increased, and the burden that supervision puts on the banks might be reduced, by exempting investments and acquisitions under a certain threshold from prior approval. |
| 6. Capital Adequacy | Largely Compliant | The BSD is to be commended for its early adoption and full implementation of the Basel II framework in an emerging market environment on 1 January 2008, and its continuous efforts to remain in line with subsequent international developments. There is no explicit power for the registrar to revoke the use of the advanced approaches for credit or market risk. Although the accreditation conditions point out that banks need the registrar’s prior written approval and banks are continuously required to meet the advanced model user conditions, an explicit revocation power should be added to the regulation, similar to Regulation 33(6) on operational risk. |
| 7. Risk Management Process | Compliant | |
| 8. Credit Risk | Compliant | |
| 9. Problem Assets, Provisions and Reserves | Largely Compliant | BSD relies, as part of its supervisory approach, on the FRS provisions as audited by the external auditor and the outcomes of the external auditors report under Regulation 46 (4). It is recommended that more specific qualitative guidance on the BSD’s requirements be provided to the external auditors and/or the banks to ensure that all the essential criteria of this core principle are addressed. This applies in particular to areas such as the periodical assessment of the value of risk mitigants, the periodic review of problem assets, the adequacy of organizational resources for identification, the oversight and collection of problem assets, and the timely and appropriate information to the board of the condition of the asset portfolio. The BSD should also clarify its expectations with regard to forward looking provisioning for prudential purposes with banks and/or external auditors. More explicitly, a general allowance for credit impairment is not a clearly defined concept under IFRS and part of it may be included in Tier 2 capital. |
| 10. Large Exposure Limits | Compliant | |
| 11. Exposures to Related Parties | Materially Noncompliant | The BSD does not obtain on a regular basis comprehensive information on banks’ aggregate exposures to related parties. It is currently considering the inclusion of related party exposures as a separate reportable item on form BA 600 (Consolidated return which already includes reporting of group large exposures). Neither does the BSD obtain regular information on individual related party exposures, which makes it doubtful whether it would be able to use its authority to instruct a bank to deduct such exposures from its capital effectively. The BSD does not yet require that transactions with related parties and the write-off of related party exposures exceeding specified amounts or otherwise posing special risk are subject to prior approval by the bank’s board. However, it is currently in the process of proposing amendments to Regulation 36(15) to include these requirements, as well as a requirement that persons benefiting from a particular exposure shall not be responsible for managing that exposure. In addition, there is no specific requirement for banks to have policies and processes to identify individual exposures to related parties. Prior board approval is not yet required for a bank’s transactions with related parties in excess of specified amounts. An amendment to Regulation 36 incorporating such a requirement is currently under preparation. |
| 12. Country and Transfer Risks | Materially Noncompliant | A regulation specifically dealing with country and transfer risk should be promulgated since these are material risks to some of the banks. The granularity of regional exposures on form BA210 should be increased so that the BSD is in a position to monitor country and transfer risk on an ongoing basis. |
| 13. Market Risks | Compliant | |
| 14. Liquidity Risk | Compliant | In view of banks’ reliance on wholesale funding, and the resulting high degree of concentration of liabilities, the BSD should continue to closely monitor banks’ liquidity management, including periodic review of liquidity stress testing and contingency planning. Where material exposures to foreign currencies exist, the BSD should ensure that its ALM reviews include a more in-depth analysis of banks’ stress testing of foreign currency liquidity strategies, and that the results of such stress testing are a factor in determining the appropriateness of mismatches. |
| 15. Operational Risk | Largely Compliant | It is recommended that the BSD prioritize IT capacity building within its specialist risk areas in order to enable it to assess fully and adequately all aspects of banks’ operational risk management and thus to reduce reliance on the work on IT systems carried out by external auditors as part of their certification of the annual accounts. Board awareness for business continuity was raised in 2006 but the BSD should clarify its requirements into a regulation so that supervisory expectations are clear. |
| 16. Interest Rate Risk in the Banking Book | Compliant | |
| 17. Internal Control and Audit | Compliant | Corporate governance principles are in accordance with international standards, as they are inspired largely by the Basel Committee on Banking Supervision guidance with respect to internal audit and internal control. |
| 18. Abuse of Financial Services | Compliant | The FICA and other relevant Acts are currently being revised to implement recommendations made during a FATF assessment in 2008. With respect to banks, the main FATF recommendation was that the BA should include a specific provision allowing the registrar to impose fines on banks for offences against the FICA requirements. The BSD should consider expanding its in-house expertise on FICA matters. For example, it has no forensic expertise. For this, it relies exclusively on external audit firms. The BSD should ensure that all the aspects listed in Essential Criteria 4, 8 and 9 of the Core Principles Methodology are specifically addressed in the SREP Manual. |
| 19. Supervisory Approach | Compliant | According to industry sources, the BSD focuses on the important risk areas within a bank. The BSD’s approach to risk-based supervision could be further strengthened by developing an IT tool that integrates risk analysis, planning of supervisory work and monitoring of follow-up actions. The risk classification is done on Excel sheets, while the monitoring system for follow-up actions (the so-called Issues File) is paper-based. Interaction between the BSD and the FSB has been strengthened but can be still further improved, for example by conducting joint inspections at group level and by exchanging supervisory reports on individual groups. See also the comments under CP 24. The SREP Manual is conceptually sound and the BSD is encouraged to develop it further, in particular by including more detailed guidance for BSD staff in their day-to-day work, but without it becoming a checklist. |
| 20. Supervisory Techniques | Compliant | The BSD should consider expanding its staff to allow it to do more work on credit risk and on specialized areas such as IT risk and forensic investigations. |
| 21. Supervisory Reporting | Largely Compliant | Although the range of periodic prudential returns is fairly wide, some essential information is not reported to the BSD on a regular basis. This includes related party lending (ref. Principle 11) and country and transfer risk (ref. Principle 12). |
| 22. Accounting and Disclosure | Compliant | |
| 23. Corrective & Remedial Powers of Supervisors | Materially Noncompliant | The severe limitations on the registrar’s authority to cancel or suspend a bank’s license or to restrict a bank’s activities (BA sections 23–26), in particular the delay of at least 30 days between the announcement of such measures to a bank and their actual application, call seriously into question his ability to use these supervisory powers decisively, expediently and effectively. The same comment applies to the registrar’s inability to appoint a curator without the consent of the CEO or the chairperson of the board of the bank concerned. |
| 24. Consolidated Supervision | Compliant | Interaction between the BSD and the FSB can be further improved, e.g., by conducting joint inspections at group level and by exchanging supervisory reports on individual groups on a regular basis. Temporary secondments of staff would help to improve understanding of each others’ approaches and work methods and would facilitate communication at the operational level. Consideration could also be given to harmonization of regulatory requirements in areas of common interest, such as corporate governance and fitness and propriety. The power of the BSD to establish and enforce fit and proper standards for owners and senior managers of parent companies of banks is not clearly stated in the BA (ref. AC 1). |
| 25. Home-Host Relationships | Compliant |
C: Compliant.
LC: Largely compliant.
MNC: Materially noncompliant.
NC: Noncompliant.
NA: Not applicable.
III. Recommended Action Plan and Authorities’ Response to the Assessment
A. Recommended Action Plan
Table 2.
South Africa: Recommended Action Plan to Improve Compliance with the Basel Core Principles
Table 2.
South Africa: Recommended Action Plan to Improve Compliance with the Basel Core Principles
| Reference Principle | Recommended Action |
|---|---|
| Objectives, Independence, Powers, Transparency and Cooperation (CP1) | Enlarge the scope for the registrar to take remedial action without the minister’s prior consent. Reconsider the required consent of the bank’s CEO or chairperson for the appointment of a curator. |
| Permissible Activities (CP 2) | |
| Licensing criteria (CP3) | |
| Transfer of Significant Ownership (CP4) | Consider requiring banks to notify the BSD of material adverse information on the suitability of shareholders. |
| Major Acquisitions (CP 5) | Specify the amounts that banks may invest in subsidiaries and the criteria the BSD uses for assessing proposed investments in subsidiaries. |
| Capital adequacy (CP6) | Introduce an explicit revocation power of the registrar’s approval of the use of advanced approaches for the calculation of regulatory capital for market risk and credit risk. |
| Risk management Process (CP 7) | |
| Credit risk (CP8) | |
| Problem assets, Provisions and Reserves (CP 9) | The BSD relies, as part of its supervisory approach, on the FRS provisions as audited by the external auditor and the outcomes of the external auditors report under Regulation 46 (4). Consider providing more specific qualitative guidance on the BSD’s requirements to the external auditors and/or the banks to ensure that all the essential criteria of this core principle are addressed. Clarify BSD expectations with regard to forward looking provisioning for prudential purposes with banks and/or external auditors. |
| Large Exposure Limits (CP10) | |
| Exposures to Related Parties (CP 11) | Obtain regular returns on banks’ aggregate and individual exposures to related parties. |
| Country and Transfer Risks (CP 12) | Promulgate a regulation specifically dealing with country and transfer risk. Increase the granularity of regional exposures on BA610. Provide more guidance on the scope of the work done by the external auditors under Regulation 46 (4) |
| Market Risk (CP 13) | |
| Liquidity Risk (CP 14) | Continue closely monitoring banks’ liquidity management, including stress testing and contingency planning. |
| Operational Risk (CP 15) | Prioritize IT capacity building within BSD specialist risk areas in order to enable it to assess fully and adequately all aspects of banks’ operational risk management. The IT specialists could also provide assistance to the other specialist and analysis teams with regard to sampling techniques and other areas. Board awareness for business continuity was raised in 2006 but the BSD should clarify its requirements more formally, for example, in a regulation so that supervisory expectations are clear. |
| Interest Rate Risk in the Banking Book (CP 16) | |
| Internal Control and Audit (CP17) | |
| Abuse of Financial Services (CP18) | Consider expanding the BSD’s in-house expertise on countering abuse of financial services. |
| Supervisory Approach (CP 19) | Consider upgrading the BSD’s risk assessment methodology. Further develop the SREP Manual by including more detailed practical guidance for BSD staff. |
| Supervisory Techniques (CP 20) | Consider expanding BSD staff for credit risk assessment and specialized areas such as IT risk. |
| Supervisory Reporting (CP 21) | Incorporate related party exposures and country and transfer risk exposures in prudential returns. |
| Accounting and Disclosure (CP 22) | |
| Supervisors’ Corrective and Remedial Powers (CP 23) | Expand the registrar’s authority to cancel or suspend a bank’s license and empower him to appoint a curator. |
| Consolidated Supervision (CP 24) | Further improve the interaction between the BSD and the FSB. |
| Home-Host relationships (CP 25) |
Table 2.
South Africa: Recommended Action Plan to Improve Compliance with the Basel Core Principles
| Reference Principle | Recommended Action |
|---|---|
| Objectives, Independence, Powers, Transparency and Cooperation (CP1) | Enlarge the scope for the registrar to take remedial action without the minister’s prior consent. Reconsider the required consent of the bank’s CEO or chairperson for the appointment of a curator. |
| Permissible Activities (CP 2) | |
| Licensing criteria (CP3) | |
| Transfer of Significant Ownership (CP4) | Consider requiring banks to notify the BSD of material adverse information on the suitability of shareholders. |
| Major Acquisitions (CP 5) | Specify the amounts that banks may invest in subsidiaries and the criteria the BSD uses for assessing proposed investments in subsidiaries. |
| Capital adequacy (CP6) | Introduce an explicit revocation power of the registrar’s approval of the use of advanced approaches for the calculation of regulatory capital for market risk and credit risk. |
| Risk management Process (CP 7) | |
| Credit risk (CP8) | |
| Problem assets, Provisions and Reserves (CP 9) | The BSD relies, as part of its supervisory approach, on the FRS provisions as audited by the external auditor and the outcomes of the external auditors report under Regulation 46 (4). Consider providing more specific qualitative guidance on the BSD’s requirements to the external auditors and/or the banks to ensure that all the essential criteria of this core principle are addressed. Clarify BSD expectations with regard to forward looking provisioning for prudential purposes with banks and/or external auditors. |
| Large Exposure Limits (CP10) | |
| Exposures to Related Parties (CP 11) | Obtain regular returns on banks’ aggregate and individual exposures to related parties. |
| Country and Transfer Risks (CP 12) | Promulgate a regulation specifically dealing with country and transfer risk. Increase the granularity of regional exposures on BA610. Provide more guidance on the scope of the work done by the external auditors under Regulation 46 (4) |
| Market Risk (CP 13) | |
| Liquidity Risk (CP 14) | Continue closely monitoring banks’ liquidity management, including stress testing and contingency planning. |
| Operational Risk (CP 15) | Prioritize IT capacity building within BSD specialist risk areas in order to enable it to assess fully and adequately all aspects of banks’ operational risk management. The IT specialists could also provide assistance to the other specialist and analysis teams with regard to sampling techniques and other areas. Board awareness for business continuity was raised in 2006 but the BSD should clarify its requirements more formally, for example, in a regulation so that supervisory expectations are clear. |
| Interest Rate Risk in the Banking Book (CP 16) | |
| Internal Control and Audit (CP17) | |
| Abuse of Financial Services (CP18) | Consider expanding the BSD’s in-house expertise on countering abuse of financial services. |
| Supervisory Approach (CP 19) | Consider upgrading the BSD’s risk assessment methodology. Further develop the SREP Manual by including more detailed practical guidance for BSD staff. |
| Supervisory Techniques (CP 20) | Consider expanding BSD staff for credit risk assessment and specialized areas such as IT risk. |
| Supervisory Reporting (CP 21) | Incorporate related party exposures and country and transfer risk exposures in prudential returns. |
| Accounting and Disclosure (CP 22) | |
| Supervisors’ Corrective and Remedial Powers (CP 23) | Expand the registrar’s authority to cancel or suspend a bank’s license and empower him to appoint a curator. |
| Consolidated Supervision (CP 24) | Further improve the interaction between the BSD and the FSB. |
| Home-Host relationships (CP 25) |
B. Authorities’ Response to the assessment
26. National Treasury welcomes the assessment and the recommendations of the BCP-Detailed Assessment Report. Treasury is firmly of the view that banking supervision in South Africa is sound as can be attested to by the resilience of the banking sector during the worst financial crisis in recent history. However, apart from the areas where the assessment has been queried by the regulator, we note the recommendations made by the assessors especially in areas concerning the remedial powers of the registrar of Banks and the need for banks to improve their significant risk disclosures (related party risks, country and transfer risks). These areas will receive the necessary attention in order to further strengthen the South African bank regulatory framework.
27. The Banking Supervision Department (BSD) has raised concerns with some of the assessments in the report, and these are listed below.
i. Core Principle 5 – Major Acquisitions
28. The draft report correctly states, under ‘comments’, “The Banks Act and the Regulations do not define the amounts (absolute or in relation to a bank’s capital) of investments by a bank in a subsidiary that need prior supervisory approval.”
29. The BSD is of the opinion that EC 1 of CP 5 is not a requirement specifically related to the acquisition of subsidiaries, but is a requirement for acquisitions in general, stating “laws or regulation clearly define what types and amounts (absolute and/or in relation to a bank’s capital) of acquisitions and investments need prior supervisory approval.”
30. The BSD applies a more stringent requirement in respect of subsidiaries than the aforesaid requirement of the CP by specifying that any establishment or acquisition of a subsidiary requires prior supervisory approval, irrespective of the amount involved.
31. The BSD required clarification on how a more stringent application of a CP requirement can contribute to an assessment of ‘largely compliant’ as opposed to ‘compliant’.
ii. Core Principle 6: Capital Adequacy
32. Capital adequacy was assessed as ‘largely compliant’ and the recommended action includes “Introduce an explicit revocation power of the registrar’s approval of the use of advanced approaches for the calculation of the regulatory capital for market risk and credit risk.”
33. The BSD is of the view that the rating of ‘largely compliant’ should be upgraded to ‘compliant’. The recommendation is viewed as not materially important: since the registrar has the power to approve an application, under Administrative Law principles, it may also decline or revoke applications. Furthermore, measures other than revocation are also in place to address areas of non-compliance, such as additional reviews by external experts and additional capital requirements by means of a Pillar 2 add-on.
34. In this regard, on 30 April 2010, the BSD already provided the following comments and supporting evidence to the assessors:
The assessment of ‘largely compliant’ is disputed and should be ‘compliant’. The assessors’ commentary that the Registrar should have explicit power to revoke the use of the advanced approaches for credit and market risk, although we will consider its inclusions, is not materially valid. According to Administrative Law principles, when an authority has the power to approve an application, it similarly has the power to decline the application or to revoke a previously granted approval.
This CP is underpinned by 7 ECs with which the BSD has self-assessed itself as compliant as opposed to the assessors who have accorded an assessment of ‘largely compliant’. The only reason that BSD can possibly find for this is the issue that an explicit revocation for approval for advanced approaches or internal model methods for credit risk and market risk should be added to the Regulations. Given this one item (that is not even materially valid, as already explained) in the overall scheme of a multitude of many criteria, the assessment should be compliant. Furthermore, revocation power is in any event an integral part of the conditions of approval (which is subject to annual review). Finally, EC 7 is not prescriptive and states “…the supervisor may revoke its approval…” and is also not prescriptive where this power should reside – the BSD has included it in the conditions of approval. It was therefore BSD’s interpretation that revocation was only one of a number of avenues to address non-compliance. With respect to credit risk, approval is only granted for the use of IRB after a rigorous process has been followed, which includes a parallel run period and a panel review. Upon granting approval, stringent additional conditions are also specified in respect of areas of possible concern to the BSD. Measures other than revocation are also in place to address areas of non-compliance, such as additional reviews by external experts and additional capital requirements by means of a Pillar 2b add-on (the BSD provided hard evidence of the aforesaid to the assessors). It is important to take note that the fact that revocation power has not explicitly been included in the Regulations has not prevented the BSD from utilising it (BSD also provided hard evidence of such revocation to the assessors).
iii. Core Principle 9 – Problem assets, provisions and reserves
35. In respect of the assessors’ comments regarding general allowance for credit impairment not being clearly defined under IFRS and part of it may be included in tier 2 capital, the BSD wishes to reiterate its comments previously provided to the assessors (on 30 April 2010), that although general allowance for credit impairment is not clearly defined under IFRS, no EC specifically requires that general provisions or allowance should be defined.
36. Nevertheless, the BSD has included a specific definition of ‘general allowance’ in regulation 65 of the Regulations, and the fact that part of it may be included in tier 2 capital is completely in accordance with, and aligned to, the Basel II framework.
iv. Core Principle 11: Exposures to related parties
37. The BSD queries the assessment of ‘materially non-compliant’, proposing an amendment to ‘largely compliant’ since it is compliant with most requirements of this Core Principle. Nonetheless, it notes the recommendations made with respect to obtaining regular returns on banks’ exposures to related parties and requiring banks to have policies in place to identify individual exposures to related parties.
v. Core Principle 12 - Country and transfer risk
38. Based on the comprehensive motivation previously provided to the assessors, which is repeated below for ease of reference (paragraphs 39 to 47), the BSD disputed the assessment of ‘materially non-compliant’ and proposed that the assessment be reconsidered to be ‘largely compliant’.
39. Nevertheless, the BSD has noted the only two recommendations of the assessors specified under ‘comments’, namely:
a. A regulation specifically dealing with country and transfer risk should be promulgated since these are material risks to some of the banks.
b. The granularity of regional exposures on form BA210 should be increased so that the BSD is in a position to monitor country and transfer risk on an ongoing basis.
40. Section 73 of the Banks Act read with regulations 24(6) and 24(7) of the Regulations, and the form BA 210, deal extensively with concentration risk, including:
c. Exposure to a person;
d. Exposure to a private-sector non-bank person;
e. Exposure to an industry;
f. Exposure to a sector;
g. Exposure to a geographical area;
h. Board approval for exposures in excess of 10 per cent of capital and reserve funds;
i. Registrar approval for exposure to a private-sector non-bank person in excess of 25 per cent of capital and reserve funds;
j. Separate reporting requirements for concentrated exposure, including exposure to a person, a sector or a geographical area (see form BA 210);
k. Specified reporting thresholds;
l. Provision to specify further reporting thresholds or limits;
m. Provision to specify additional capital requirements or conditions in respect of any exposure that exceeds any specified threshold.
41. Currently approximately 90 per cent of South African banks’ credit exposure relates to exposure within South Africa, in respect of which the aforesaid large exposure rules of 10 per cent and 25 per cent respectively apply, with the remaining approximately 10 per cent of credit exposure distributed between all other countries across the world. Therefore, in respect of South African banks’ material credit exposure, specified limits and specified requirements are in place, whilst the South African banks’ credit exposures to country and transfer risk (exposure outside the borders of South Africa) are largely immaterial per country or region, with no need or purpose to date to specify limits in the Banks Act or the Regulations.
42. In respect of EC 3, for example, provisioning for country and transfer risk is set by banks themselves for each individual loan, based on IFRS. The IFRS provisioning is then judged by the external auditor during their year-end audits and by the BSD during prudential meetings, on-site visits or Internal Capital Adequacy Assessment Process meetings (ICAAPs), when required or judged appropriate. This is one of the options provided for by EC 3.
43. In this regard EC3 states that “… there are different international practices which are all acceptable as long as they lead to risk-based results …”. Based on the aforesaid and the related risk-based approached followed in South Africa, which is in line with the principles contained in the CP and in the Basel II framework, it has not been necessary for the BSD to specify any country and transfer risk limits, although the regulatory framework (Banks Act) does provide the BSD with the power to do so when, and if, required in the future.
44. The first sentence under “Description” states: “There are no specific regulations or prudential limits in place for country risk or transfer risk as these risks are expected to be captured in the overall credit risk management framework of banks.” This statement is not based on the requirements of any of the ECs as specific regulations or prudential limits for country and transfer risk are not included in the ECs of this CP. The ECs make provision for banks to have in place country exposure limits and it is then expected of supervisors to confirm adherence thereto (EC2).
45. In this regard, the BSD, through its assessment of banks’ ICAAPs, assesses banks’ policies and processes for country and transfer risk that gives due regard to the identification, measurement, and monitoring and control of country risk and transfer risk, which is in accordance with the requirements of the ECs.
46. The BSD is of the opinion that no additional guidance in terms of Regulation 46(4) is necessary. The external auditors assess banks’ adherence to IFRS that require banks to impair financial assets where there is evidence that a financial loss had occurred.
47. Finally, it should be noted that an increase in country and transfer risk exposures in general would result in increased diversification (as the South African banking system is concentrated) and would therefore lower the level of concentration risk in South Africa.
vi. Core Principle 23 - Corrective and Remedial Powers of Supervisors
48. The assessment of ‘materially non-compliant’ was disputed by the BSD in its comments previously provided to the assessors on 30 April 2010. The BSD reiterates that the comments repeated hereunder for ease of reference (paragraphs 49 to 56), be tested against the ECs in order to accept the BSD’s proposal that the assessment be amended to ‘compliant’.
49. The BSD strongly disagrees that there are “severe limitations” on the Registrar’s authority to cancel or suspend a bank’s licence. The assessors have taken issue with the power of the supervisor to revoke a banking licence, commenting that the Minister’s role in supervisory remedial actions needs to be reconsidered. As was explained to the assessors, the role of the Minister is to provide a “check and balance” in order not to have to approach the courts, which is a public process that could be lengthy, expensive and not necessarily always achieving the desired outcome.
50. Section 23 read with section 24 of the Banks Act provides that the Registrar may cancel or suspend a bank’s registration - with the consent of the Minister - in specifically defined areas:
a. where a bank does not commence business within 6 months of registration;
b. if the registration was obtained through false or misleading information;
c. if an international parent bank’s licence has been revoked in such a foreign jurisdiction;
d. if a bank has failed to comply with conditions prescribed by the Registrar for registration; or
e. if a bank ceases to do business or is no longer in operation.
51. Section 25 of the Banks Act provides for the suspension or cancellation in any other case than described above - by an application to Court, especially in the following cases - but not limited thereto:
f. the directors or executive officers of the bank have been convicted of any offence in terms of the Banks Act;
g. the bank does not conduct business satisfactorily;
h. the bank failed to comply with requirement of Banks Act;
i. the bank continues to employ undesirable practices;
j. the bank has materially misrepresented facilities it offers to the public.
52. The 30 days afforded to a bank before cancellation of its registration only relates to section 23 of the Banks Act. In all other cases a court may be approached on an urgent basis for cancellation of a bank’s registration. EC4 of CP23 requires the supervisor to have the power to revoke or “recommending the revocation” of the banking licence.
53. Furthermore the requirement in section 69(1)(a) of the Banks Act to require the written consent of the Chief Executive Officer OR the chairperson of the board of directors of that bank before the appointment of a curator, is a process to protect the rights of the bank on the one hand, but to ensure a speedy process on the other. The alternative would be to prescribe a process to approach the courts which is not only a slower and more expensive process, but also one that is in the public domain, which could lead to a number of negative consequences.
54. The fact of the matter is that the Registrar can take prompt remedial action as the arrangement in place in no way restricts the Registrar from acting in accordance with the CP in a suitable or legal manner. In the past the Registrar has deregistered a bank and appointed curators for banks on various occasions, without any problems or delays.
55. The legal framework provides for a wide range of measures and tools to address non-compliance or to effect the orderly resolution of problem banks.
56. As explained by the BSD the role of the Minister in the cancellation or suspension of a bank’s registration or in the appointment of a curator is overemphasised by the assessors. The process has been tested in practise on numerous occasions and has been found to work well and expediently each time. Given the myriad of compliance with the vast majority of the detail within all the ECs, and the subjective nature of the judgemental view, the assessment should be amended to ‘compliant’.
1
The assessment was conducted by Katia D’Hulster (World Bank) and Jan Rein Pruntel (Consultant to the IMF).
2
Issued by the Basel Committee on Banking Supervision, October 2006.
3
Members of the Forum include the SARB, FSB, NT, the Banking Association of South Africa, the Life Offices Association, the South African insurance association, the JSE, BESA, the Payment Association of South Africa, BANKSERV and STRATE.
4
Paragraph 6j for the simplified standardized approach, paragraph 8j for the standardized approach, 11q for the foundation IRB approach and 13e for advanced IRB banks.
5
Including foreign branches.
6
Every year, the registrar determines a range of topic for dialogue with the board, or the Audit Committee and external auditors across all banks. Other topics included involvement of board remuneration subcommittees in the incentive scheme of the bank and board members involvement in the oversight of banks operational risk framework.
7
The offences include, inter alia, fraud, reporting irregularities, breach of fiduciary duty.
8
With the implementation of Basel II, where banks rely on historical data for the determination of risk estimates, the integrity of the IT systems has gained even more importance.